Scuba Steve

Reputation: 1648

Asp.net on-premises authentication - The remote certificate is invalid according to the validation procedure

So I'm working with our sysadmin to set up on-premises authentication (with ADFS) for the web tool we're developing here.

I've gone through the setup process, and we're getting an exception when I run the project:

"The remote certificate is invalid according to the validation procedure."

   [AuthenticationException: The remote certificate is invalid according to the validation procedure.]
   System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +231
   System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +15
   System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +119

Now I was able to actually reach the sign-in page when I plugged in this bit of code to StartupAuth.cs:

    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
    ...

    // Accepts every server certificate, whatever errors were reported.
    static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        return true;
    }

But on login, the system threw another exception. And we don't want to always validate certificates anyway. Interestingly enough, when the sysadmin changed over to a self-signed certificate, we weren't even able to reach the login page. We're using a wildcard certificate, but I'm wondering if that's the problem.

Our sysadmin thinks we may just need to buy a properly signed certificate, but I'm wondering if there's a configuration problem on my end.

Edit: On further investigation, I've gotten a meaningful error message. Here's the debug output (I've replaced cert serial numbers and URLs with 'xxx'):

Looking at Security Cert. Issuers...
    System.Security.Cryptography.X509Certificates.X509Chain
    CN=xxxxx.xxxx.org
    Checking elements in X509 Chain:
    UntrustedRoot
    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Upvotes: 0

Views: 1450

Answers (1)

Scuba Steve

Reputation: 1648

We've been able to solve the security certificate issue by installing the certificate on the ADFS server onto my dev machine under 'Trusted Root Certification Authorities'.

Upvotes: 2
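
An added example, not code from the original posts: a callback for the same `ServerCertificateValidationCallback` hook that keeps validation on, logs each chain status (such as the `UntrustedRoot` in the debug output above), and tolerates an untrusted root only for one pinned certificate. The class name, the `PinnedDevThumbprint` placeholder and the pin-for-dev policy are assumptions; `Register()` would be called once at startup.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class AdfsCertificateCheck
{
    // Assumption: placeholder for the SHA-1 thumbprint of the one dev certificate to tolerate.
    const string PinnedDevThumbprint = "<ADFS-CERT-THUMBPRINT>";

    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback += Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // The platform already validated chain and host name: accept.
        if (errors == SslPolicyErrors.None)
            return true;

        // Log why validation failed, e.g. "UntrustedRoot".
        Trace.TraceWarning("TLS validation failed for {0}: {1}",
                           certificate == null ? "(no certificate)" : certificate.Subject, errors);
        if (certificate == null || chain == null)
            return false;
        foreach (X509ChainStatus status in chain.ChainStatus)
            Trace.TraceWarning("  {0}: {1}", status.Status, status.StatusInformation);

        // Name mismatch or a missing certificate is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // The only chain problem tolerated is an untrusted root...
        foreach (X509ChainStatus status in chain.ChainStatus)
            if (status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;

        // ...and only for the pinned certificate. The placeholder matches nothing.
        return string.Equals(certificate.GetCertHashString(), PinnedDevThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```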
