RabbitMQ SSL Configuration: DotNet Client - .net-core

I am trying to connect (dotnet client) to RabbitMQ. I enabled the Peer verification option from the RabbitMQ config file.
_factory = new ConnectionFactory
{
HostName = Endpoint,
UserName = Username,
Password = Password,
Port = 5671,
VirtualHost = "/",
AutomaticRecoveryEnabled = true
};
sslOption = new SslOption
{
Version = SslProtocols.Tls12,
Enabled = true,
AcceptablePolicyErrors = System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors
| System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch,
ServerName = "", // ?
Certs = X509CertCollection
}
Below are my client certification details which I am passing through "X509CertCollection".
CertSubject: CN=myhostname, O=MyOrganizationName, C=US // myhostname is the name of my client host.
So, if I pass "myhostname" value into sslOption.ServerName, it works. If I pass some garbage value, it still works.
As per documentation of RabbitMQ, these two value should be match i.e. certCN value and serverName. What will be the value of sslOption.ServerName here and why?

My Bad. I found the reason. Posting as it might help someone.
Reason: As I set a policy "System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch".

Related

wso2 api manager 3.2.0 OAuth2Service Provided Callback URL does not match with the provided one error?

I faced with following exception when try to login publisher:
in browser :
Registered callback does not match with the provided url.
in console :
OAuth2Service Provided Callback URL does not match with the provided one.
deployment.toml
[server]
hostname = "172.25.129.67"
node_ip = "172.25.129.67"
#offset=0
mode = "single" #single or ha
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"
in service provider
regexp=(https://172.25.129.67:9443/devportal/services/auth/callback/login|https://172.25.129.67:9443/devportal/services/auth/callback/logout)
Could you please help me to solve it?
I changed as following and it fixed.
[server]
hostname = "172.25.129.67"
node_ip = "127.0.0.1"

IdentityServer3 - Client certificate validation

I have IdentityServer3 and I'm trying to run their original samples WebHost (minimal) as the server and Console Client Credentials Flow using Certificate as the client because I want to test that the client can validate against IdS3 by using a X509 Thumbprint instead of a shared secret to get an Access Token.
The problem I'm having is that I'm getting an error response: invalid_client.
Apparently, it's because IdS3 doesn't receive the certificate on the incoming request, so it considers that the token request is invalid (I tested this by adding a custom SecretParser and checking the environment parameter and there's no ssl.ClientCertificate value which is the one X509CertificateSecretParser uses to parse it).
I'm just running both projects in 2 different instances of Visual Studio into IIS Express without modifying anything else on the projects. Is there anything that I'm missing on this matter? What else should I need to setup in order to make this work?
The first thing you need to do is to enable client certificates in IIS Express.
You do this by editing this file:
.vs\config\applicationhost.config
Change
<access sslFlags="None" />
to
<access sslFlags="Ssl, SslNegotiateCert" />
Now IIS Express supports client certificates, but it checks if the certificate is trusted as well.
The sample certificate, Client.pfx, will not work out of the box.
You can either let Windows trust the issuer of this certificate (not reccomended) or you could load an existing certificate from the certificate store with code like this:
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
string thumb = "<thumbprint>";
X509Certificate2Collection cers = store.Certificates.Find(X509FindType.FindByThumbprint, thumb, false);
X509Certificate2 cert = null;
if (cers.Count > 0)
{
cert = cers[0];
}
store.Close();
You will also need to put the thumbprint of this certificate into the ClientSecret property in the client list on the Identity Server.
This is the sample code you will need to change:
new Client
{
ClientName = "Client Credentials Flow Client",
Enabled = true,
ClientId = "clientcredentials.client",
Flow = Flows.ClientCredentials,
ClientSecrets = new List<Secret>
{
new Secret("secret".Sha256()),
new Secret
{
Value = "<your thumbprint here>",
Type = Constants.SecretTypes.X509CertificateThumbprint,
Description = "Client Certificate"
},
},
AllowedScopes = new List<string>
{
"read",
"write"
},
Claims = new List<Claim>
{
new Claim("location", "datacenter")
}
},

Postfix Folders

When I retrieve messages (with imap) the folder /home/user/mail is created while my config files (postfix and dovecot) redirects to /home/user/Maildir folder, and Maildir folder contains emails I want to get with imap !
I made a symbolic link between these folders and now with android I can retrieve messages stored in strange folders. With ThunderBird I can not explore folders. I see that dovecot creates an .imap folder where messages are finally stored, but not like expected.
Does somebody knows the mistake I did ?
Best Regards
It was due to a bad dovecot config !
Lines added to /etc/dovecot/dovecot.conf :
ssl = yes
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
passdb {
args = dovecot
driver = pam
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
userdb {
driver = passwd
}

Dot Net Client and IIS hosted SignalR with Win auth

Is there a way to configure the .NET client so that it will work with a IIS hosted SingalR that uses Windows authentication?
If I disable windows authentication it works, but this is not an option
setting connection.Credentials = CredentialCache.DefaultCredentials does not help.
The code
public EventProxy(IEventAggregator eventAggregator, string hubUrl)
{
typeFinder = new TypeFinder<TProxyEvent>();
subscriptionQueue = new List<EventSubscriptionQueueItem>();
this.eventAggregator = eventAggregator;
var connection = new HubConnection(hubUrl);
connection.Credentials = CredentialCache.DefaultCredentials;
proxy = connection.CreateHubProxy("EventAggregatorProxyHub");
connection.Start().ContinueWith(o =>
{
SendQueuedSubscriptions();
proxy.On<object>("onEvent", OnEvent);
});
}
ContinueWith triggerst directly after Start and when the first subscription comes in I get a
The Start method must be called before data can be sent.
If I put a watch on the DefaultCredentials I can see that Username, Domain and Password are all String.Empty. Its a standard Console program, Enviroment.Username returns my username
Sure, set connection.Credentials = CredentialCache.DefaultCredentials. More details about credentials here http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx.

Set up dummy proxy server on a dev environment

There is a proxy server on the clients site that all external request must go through. I am calling an external web service that needs the proxy settings.
The code I am using to set up the proxy for the web request can be seen below.
How would I go about setting up a test proxy server on my developer environment to verify that my code works?
string url = String.Format("http://currencyconverter.kowabunga.net/converter.asmx/GetConversionAmount?CurrencyFrom={0}&CurrencyTo={1}&RateDate={2}&Amount={3}", CurrencyFrom.Text, CurrencyTo.Text, formattedDate, amount);
WebRequest request = WebRequest.Create(url);
if (!string.IsNullOrEmpty(ConfigurationManager.AppSettings["proxyLogin"]))
{
WebProxy proxy = new WebProxy();
string proxyUrl = ConfigurationManager.AppSettings["proxyUrl"];
if (!string.IsNullOrEmpty(ConfigurationManager.AppSettings["proxyPort"]))
{
proxyUrl += ":" +ConfigurationManager.AppSettings["proxyPort"];
}
// Associate the newUri object to 'myProxy' object so that new myProxy settings can be set.
proxy.Address = new Uri(proxyUrl);
// Create a NetworkCredential object and associate it with the
// Proxy property of request object.
proxy.Credentials = new NetworkCredential(ConfigurationManager.AppSettings["proxyLogin"], ConfigurationManager.AppSettings["proxyPassword"]);
request.Proxy = proxy;
}
WebResponse response = request.GetResponse();
You can install a proxy server in your development environment and configure the machines in such a way that the service is deployed beyond the firewall and you need to connect to the service through the proxy server only.

Resources