Reputation: 114
Having certificate issues when calling Web API from Web App
I am developing a web api and a web app locally. I am having trouble calling the web api from the web app.
When I call it I keep getting the error: "The remote certificate is invalid according to the validation procedure."
Both apps are built with ASP.Net Core and are running on kestrel. The webapp is callable as https://mylibrary.com:5003 and the Web API is callable as https://api.mylibrary.com:5001.
How can I get them working together with valid certificates?
Edit: Come to realise that the issue is that the apps are using localhost certs by default. I want to be able to use my own self signed cert.
If someone can point me to somewhere that explains how to set up two apps to use a self-signed certificate in .net core web projects please do :)
Upvotes: 2
Views: 10373
Answers (2)
Reputation: 149
If you need to work around the cert validation using HttpClient, you could do it by creating a HttpClientHandler and passing it to HttpClient as per Rohit Jangid's answer to The SSL connection could not be established
HttpClientHandler clientHandler = new HttpClientHandler();
clientHandler.ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => { return true; };
// Pass the handler to httpclient(from you are calling api)
HttpClient client = new HttpClient(clientHandler)
Avoid accidentally circumventing certificate validation in production by checking if it is in development environment:
HttpClient httpClient = new HttpClient();
if (env.IsDevelopment())
{
HttpClientHandler clientHandler = new HttpClientHandler();
clientHandler.ServerCertificateCustomValidationCallback = (sender, cert, chain, ssl) => { return true; };
httpClient = new HttpClient(clientHandler);
}
Inject information about webhostenvironment by injecting it in the handler/action:
public async Task OnGet([FromServices] IWebHostEnvironment env)
Upvotes: 2
Related Questions
- .Net Core Web API with Client Certificate Authentication
- The SSL connection could not be established between WebApp and WebApi (Asp Core 3.1)
- Can't move from calling TLS authenticated Web API from console application to ASP.NET MVC IIS hosted application
- asp.net core web api local https problems
- Failed to Authenticate HTTPS connection when attempting GET from WebAPI
- Webapi http call results in SSL exception
- After hosting asp.net core web api as Window Service, https (https://localhost:5001/api/values) - - not accessible
- Can't access Web Api over https from Web Client on the same server
- how to consume my own web api without getting a certificate invalid error
- web api call from WPF over SSL