Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

6
votes

I have downloaded a trial version of a product that provides API over https. And currently inside my asp.net mvc web application I am doing the following to execute an API call to the trial version of the product:-

[HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Create(RackJoin rj, FormCollection formValues)
        {
            string controllername = RouteData.Values["controller"].ToString();
            if (ModelState.IsValid)
            {
                var message = "";
                var status = "";
                long assetid = new long();
                XmlDocument doc = new XmlDocument();
                using (var client = new WebClient())
                {
                    var query = HttpUtility.ParseQueryString(string.Empty);
                    foreach (string key in formValues)
                    {
                        query[key] = this.Request.Form[key];
                    }

query["username"] =  System.Web.Configuration.WebConfigurationManager.AppSettings["ApiUserName"];
query["password"] =  System.Web.Configuration.WebConfigurationManager.AppSettings["ApiPassword"];
string apiurl = "https://win-spdev:8400/servlets/AssetServlet";
//code goes hereā€¦..
                    var url = new UriBuilder(apiurl);
                    url.Query = query.ToString();

but I will get the following exception:-

Error occurred:System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.TlsStream.CallProcessAuthentication(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async)

Baring in mind that I can call the API without any problems, if I directly call the API from my web browser as follow :-

https://win-spdev:8400/servlets/AssetServlet?username=tmsservice&password=test2test2&assetType=Rack&operation=UpdateAsset&assetName=rack9090909858585&accountName=GROUP&siteName=test%20site&productName=rackproductone

So is this problem related to that the API is over https , and since I am working with a trial version of the product inside my development machine should I install a valid certificate? Or the problem is not related to security certification ? Thanks

2
asp.netasp.net-mvc

2 Answers

30
votes

The problem is that you haven't configured a valid SSL certificate. Since valid SSL certificate cost money, for development purposes, I guess you used an auto-signed certificate. You could ignore those error by settings the ServerCertificateValidationCallback static property in your Application_Start:

System.Net.ServicePointManager.ServerCertificateValidationCallback += 
    (s, cert, chain, sslPolicyErrors) => true;

NOTE: Avoid doing this in production. When you deploy on LIVE make sure you are using a valid SSL certificate.

2
votes

With a nod to Darin Dimitrov... VB.NET folks can use this (in my web application's Global.asax.vb):

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
System.Net.ServicePointManager.ServerCertificateValidationCallback = Function(s, cert, chain, sslPolicyErrors)
                                                                       Return True
                                                                     End Function
End Sub