Using version 2.0 for Asp.NET SignalR, we have created a prototype application that has a WPF client application and a web site that has SignalR configured. This prototype works correctly when run on the local developer computer and when the web site was deployed to an internal development server.
An issue that has been encountered once the web site was deployed to an external server; the following exception is encountered when the HubConnection.Start method is called:
HttpClientException
A first chance exception of type 'Microsoft.AspNet.SignalR.Client.HttpClientException' occurred in mscorlib.dll
Additional information: StatusCode: 407, ReasonPhrase: 'Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied…
The network that the developer computer is on requires the use of a proxy to reach the Internet. The web site that has the SignalR component also has some WCF endpoints; these can be connected to using the HttpClient within the WPF client application when the proxy is set in code. The same approach to set the proxy was done on the HubConnection but the error is encountered.
Below is code on how the proxy is set to the HubConnection; the same credentials work when accessing the other, non-signalR, endpoints:
var proxyInfo = new WebProxy(new Uri(“theAddress”));
proxyInfo.Credentials = new NetworkCredential(“theUserName”, “thePassword”, “theDomain”);
hubConnection.Proxy = proxyInfo;
Is there something else that has to be set with the HubConnection for it to use the proxy?
Thanks,
Scott
The issue is that there is a bug with the 4.5 .NET Client for SignalR; the proxy information is not being sent with the requests in the HubConnection. This is a regression from the 1.0 release.
The link below contains the information:
https://github.com/SignalR/SignalR/issues/2856
Related
I have an ASP Web Api (.Net Framework 4.6.1) which accepts client certificates. The requirement is to send a custom validation message in the response of a request that has an invalid certificate.
For example, if the certificate is missing I should send back "Client certificate is missing", if the OCSP validation fails, I should send back "Certificate has been revoked", etc.
This is the code:
public class CertificateMessageHandler : DelegatingHandler
{
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
var certificate = request.GetClientCertificate();
}
}
I have a client application where I select what certificate I want to use, and it does a request to the web api application (which is hosted on another machine). If the certificate is valid, then request.GetClientCertificates() returns the certificate, otherwise, if the certificate is expired or self-signed, request.GetClientCertificates() return null.
I have disable the automatic CLR validation by the IIS:
netsh http show sslcert
netsh http delete sslcert ipport=0.0.0.0:443
netsh http add sslcert ipport=0.0.0.0:443 e104e... appid={4dc3e181-...} certstorename=My verifyclientcertrevocation=disable
I have set:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\DefaultSslCertCheckMode=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendTrustedIssuerList=0
None of the above settings worked.
Note: a 3rd party that uses the web app might send a self-signed certificate and the business logic should reject the request for such certificates, therefore, the inclusion of the CA, that was used to sign the certificate, in the Trusted Root Store, isn't possible.
Any help is appreciated on how to get the client certificate from the request.
EDIT: it seems that the module "IIS Web Core" validates the certificate against the certificates store way before the request is "forwarded" by IIS to my application:
You could try to check the below settings:
set the iis SSL setting to accept:
and set below code in web.config file:
<iisClientCertificateMappingAuthentication enabled="true">
</iisClientCertificateMappingAuthentication>
Edit:
Asp.net Core is a framework and Hostable Web Core (known as HWC) is a new concept in IIS to host a website/web services inside your own process. In short a smaller hosted version of IIS (an IIS express edition?).
This is accomplished by making a LoadLibrary call to load hwebcore.dll (%systemdrive%\Windows\System32\inetsrv\hwebcore.dll)
Try to disable the Hostable Web Core feature by following below steps:
Open control panel.
Click on “Turn Windows features on or off” from the left pane.
Locate Internet Information Services(IIS) Hostable Web Core from the list and uncheck the checkbox.
restart iis after doing changes.
https://blogs.iis.net/sukesh/iis7-hosted-web-core-custom-service-webcoreservice
refer this below links or more detail:
HttpRequestMessage.GetClientCertificate() returns null in Web API
How to use a client certificate to authenticate and authorize in a Web API
Client Authentication for WebAPI 2
I have developed a web app using SignalR and its working perfectly on my development server. But for some unknown reasons its not working on production server.
I have done some tests:
$.connection.hub.start().done(function () {
console.log('started');
});
This always gives my 'started' in console as expected. So client and server are connected. But when I send any data like login credentials, i am not receiving anything back.
Here is the connection frames image. As you can see client is sending data to server but not receiving anything in response.
public override Task OnConnected()
{
Clients.All.Listen("Connected to HUB");
}
CLIENT SIDE Listen method:
hub.client.listen = function (response) {
console.log('Listen', response);
}
There is a Listen method which I use to debug. This doesn't print anything. So signalr client server are not connecting.
EDIT:
Reported issue here: https://github.com/SignalR/SignalR/issues/4279 if this helps.
EDIT2:
My webapp is a Vue js 2 app. I compiled using vue-cli and uploaded to server. My signalr.js file is copied from an ASP.NET MVC project.
I made a Test ASP.NET MVC 5 app with SignalR 2.4 and I was able to communicate on live server.
https://learn.microsoft.com/en-us/aspnet/signalr/overview/testing-and-debugging/troubleshooting
IIS issues
This section contains issues with Internet Information Services.
SignalR works on Visual Studio development server, but not in IIS
SignalR is supported on IIS 7.0 and 7.5, but support for extensionless URLs must be added. To add support for extensionless
URLs, see https://support.microsoft.com/kb/980368
SignalR requires ASP.NET to be installed on the server (ASP.NET is not installed on IIS by default). To install ASP.NET, see ASP.NET
Downloads.
I have a very weird issue with a Web Application I have deployed.
Relevant Data:
Application Server: IIS 7.5
Server: Windows Server 2008 R2 Standard SP1
Framework: ASP.NET
.NET Framework: 4 (4.0.30319)
Application Pool: Integrated
I the web application I make use of a service that's authenticated with Client Certificate Authentication. I don't have problems relating to the authentication itself (it is working on my development environment). But I am seeing problems whenever I want to use the service from the server (production) environment.
Here's the relevant portion of the CODE:
private void SetupClienteCertificate(HttpWebRequest req)
{
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var crt = new X509Certificate2(
txtClientCertificateFile.Text,
txtCertificatePassword.Text,
X509KeyStorageFlags.MachineKeySet
);
req.ClientCertificates.Add(crt);
}
The error I am getting is pretty common and self explanatory:
The request was aborted: Could not create SSL/TLS secure channel.
The very weird part of it is that if I run the exact same code from a C# .Net Windows Forms Desktop Application (with the same .NET 4 framework) I can get the code to communicate with the server.
So my question is: Why is it working from the Desktop Application and not working from the ASP.NET Web Application?
Some stuff that I've already made sure of:
SSLv3, TLS, TLSv1, TLSv2 are enabled in the registry
I am ignoring SSL CERTIFICATE ERRORS (not necessary, but JUST IN CASE)
Restarted the Application Pool every time I change something configuration wise.
Any ideas?
I think I get your problem. Can you ensure the account under which application pool is running have sufficient privilege to read certificate from certificate
store.
I have a .Net 4.5.2 WebApp that is calling my API. When I point my web app to the LocalHost version of my API, it gets the data, and comes back just fine. I published that API, and confirm that the API is working correctly with PostMan.
Then I run the exact same WebApp code, changing only the URI from localhost to live api, and I get a multiple exception error consisting of the following:
An existing connection was forcibly closed by the remote host
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
The underlying connection was closed: An unexpected error occurred on a send.
An error occurred while sending the request.
Here's my calling code
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("user", serializedUser);
response = null;
try
{
//Uri uri = new Uri("https://jsonplaceholder.typicode.com/posts/1");//https works
Uri uri = new Uri("https://api.acme.com/values/test");
//Uri uri = new Uri("http://localhost/5000/values/test"); //http localhost works
response = client.GetAsync(uri).Result;
}
catch (Exception e)
{
string er = e.Message;
}
}
EDIT 1: I created a .NET Core app from scratch, and my original code works perfectly calling my live API. My original code also work in .NET 4.5.2 calling a different "https" API.
EDIT 2:
So this is where I'm at now, I have created two generic apps from VS 2015, one is a .NET Core Web App, the other a .NET Framework Web App. I have used the above code exactly the same in both apps to call the API. In both apps, I can call a generic "https" api I found online (jsonplaceholder). I can also call the localhost version of my app at "http" from both. In the .NET Core version of the app, I can call my "https" live API and get the results I'm looking for. In the .NET Framework app I still get the same errors.
I can't figure out what the difference is between my Core and Framework requests that is getting one shut down when the other isn't.
It seems you are hosting the application on secured http environment (https). Are you using SSL certificate on the server where you are hosting your Web API? If not, It might be throwing the certificate related exceptions.
Just add the following line before the call to GetAsync and This will ignore the SSL errors.
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
This is only recommended in an intranet environment or other closed network where server identities can't be forged.
C# Ignore certificate errors?
Adding the following line before my API call fixed the issue, but I'd love to hear an explanation of what this line does, and any security risks this might impose using it in my web app.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
Props to this answer!
I have a Windows 8.1 Store application that I side-load on a Windows 10 Enterprise DELL tablet. The app uses data from a repository via an ASP.NET Web API installed on a remote server. The Web API is configured to use Windows Authentication. If I use Fiddler to make Web API calls I can see the several steps in the NTLM negotiation, the 401.2 HTTP Error messages returned twice before the HTTP 200 Ok.
However, my application gets the 401.1 and then it does not do anything else. In my application's package manifest, I have checked Enterprise Authentication check box in the list of required capabilities. Also, when I tested it with the Visual Studio Simulator, on my development machine, the negotiation was done and the Web API responded properly to my calls.
In order to have the NTLM Negotiation done automatically in the background, I though all that needs to be done is to have an HttpClientHandler object constructed like this:
var webApiAuthClientHandler = new HttpClientHandler()
{
Credentials = CredentialCache.DefaultNetworkCredentials,
ClientCertificateOptions = ClientCertificateOption.Automatic
};
Then, this HttpClientHandler object would be passed in the constructor of the HttpClient object used to make the Web API calls:
var webApiHttpClient = new HttpClient(webApiAuthClientHandler)
{
BaseAddress = new Uri(_myWebApiUri, UriKind.Absolute),
Timeout = new TimeSpan(0, 0, 150)
};
What am I missing? How do I get my app to automatically negotiate the authentication in the background and have my GetAsync call return the needed HTTP Code 200?
Any suggestion would be highly appreciated.
TIA,
Eddie
I see your issue has been resolved in MSDN forum: https://social.msdn.microsoft.com/Forums/windowsapps/en-US/58620579-240d-49da-8538-cee5aff91a68/w81-sideloaded-windows-81-application-generates-an-exception-when-calling-methods-of-an-restful?forum=wpdevelop
So I post it here to help more visitors find the solution easily.
Thank you.