CODEWITHSUNDEEP
asp.netasp.net-mvc
John John
John John

Reputation: 1

The remote certificate is invalid according to the validation procedure

I have downloaded a trial version of a product that provides API over https. And currently inside my asp.net mvc web application I am doing the following to execute an API call to the trial version of the product:-

[HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Create(RackJoin rj, FormCollection formValues)
        {
            string controllername = RouteData.Values["controller"].ToString();
            if (ModelState.IsValid)
            {
                var message = "";
                var status = "";
                long assetid = new long();
                XmlDocument doc = new XmlDocument();
                using (var client = new WebClient())
                {
                    var query = HttpUtility.ParseQueryString(string.Empty);
                    foreach (string key in formValues)
                    {
                        query[key] = this.Request.Form[key];
                    }

query["username"] =  System.Web.Configuration.WebConfigurationManager.AppSettings["ApiUserName"];
query["password"] =  System.Web.Configuration.WebConfigurationManager.AppSettings["ApiPassword"];
string apiurl = "https://win-spdev:8400/servlets/AssetServlet";
//code goes here…..
                    var url = new UriBuilder(apiurl);
                    url.Query = query.ToString();

but I will get the following Security.Authentication.AuthenticationException, exception:-

Error occurred:System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, ...

Baring in mind that I can call the API without any problems, if I directly call the API from my web browser as follow :-

https://win-spdev:8400/servlets/AssetServlet?username=tmsservice&password=test2test2&assetType=Rack&operation=UpdateAsset&assetName=rack9090909858585&accountName=GROUP&siteName=test%20site&productName=rackproductone

So is this problem related to that the API is over https , and since I am working with a trial version of the product inside my development machine should I install a valid certificate? Or the problem is not related to security certification ? Thanks

Upvotes: 9

Views: 37568

Answers (2)

Darin Dimitrov
Darin Dimitrov

Reputation: 1038790

The problem is that you haven't configured a valid SSL certificate. Since valid SSL certificate cost money, for development purposes, I guess you used an auto-signed certificate. You could ignore those error by settings the ServerCertificateValidationCallback static property in your Application_Start:

System.Net.ServicePointManager.ServerCertificateValidationCallback += 
    (s, cert, chain, sslPolicyErrors) => true;

NOTE: Avoid doing this in production. When you deploy on LIVE make sure you are using a valid SSL certificate.

Upvotes: 34

leqid
leqid

Reputation: 931

With a nod to Darin Dimitrov... VB.NET folks can use this (in my web application's Global.asax.vb):

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
System.Net.ServicePointManager.ServerCertificateValidationCallback = Function(s, cert, chain, sslPolicyErrors)
                                                                       Return True
                                                                     End Function
End Sub

Upvotes: 2

Related Questions