11

I'm making an application that involves a website on localhost as a user interface with Asp.net Core and SignalR Core.

My problem is that I get an authentication exception when starting the connection. I know this happens because I haven't ran dotnet dev-certs https --trust. But I can't expect an average user to run this command or have the dotnet SDK installed at all.

I've tried using 

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

in my Startup.cs (and other places, but I understand that it's a global setting. in any case it was executed before the HubConnection) to no avail. I also tried setting a new HttpMessageHandlerFactory, but the documentation tells me that doesnt affect Websockets.

I don't believe this is a solution, because I can't use a different HttpClient (unless I'm mistaken)

As you can see, I'm not connecting to https at all:

connection = new HubConnectionBuilder().WithUrl("http://localhost:5000/MiniLyokoHub" ).Build();

So I don't see why it is even trying to get the certificate.

Here is the full error: https://pastebin.com/1ELbeWtc

How can I get around this issue? I don't need a certificate, since the user will be connecting to their own localhost. Or should I just not use websockets?

GoodOldJack12
  • 163
  • 1
  • 7
  • You are neither supposed to run websites locally in production, nor to use the dev cert on client machines. – Marco Mar 25 '19 at 19:30
  • Just a question: if the user is connecting always to localhost, why https at all? Wouldnt plain http suffice? – ZorgoZ Mar 25 '19 at 19:30
  • Possible duplicate of [bypass invalid SSL certificate in .net core](https://stackoverflow.com/questions/38138952/bypass-invalid-ssl-certificate-in-net-core) – Manoj Choudhari Mar 25 '19 at 19:33
  • @ZorgoZ it would suffice, and I'm connecting to the http port, but it still throws an exception – GoodOldJack12 Mar 25 '19 at 19:33
  • That's strange. Remember: secure SignalR will first try to use WSS instead of WS, not https or http. Check developer console for the actual protocol. – ZorgoZ Mar 25 '19 at 19:49
  • @ZorgoZ Where can I find the protocol? edited the post with some more information – GoodOldJack12 Mar 25 '19 at 20:00

2 Answers2

20

When connecting to HTTPS, to always verify the SSL certificate in SignalR Core client you should do this in HttpMessageHandlerFactory configs. Use HttpConnectionOptions in WithUrl method like this:

connection = new HubConnectionBuilder()
.WithUrl("https://localhost:443/MiniLyokoHub", (opts) =>
{
    opts.HttpMessageHandlerFactory = (message) =>
    {
        if (message is HttpClientHandler clientHandler)
            // always verify the SSL certificate
            clientHandler.ServerCertificateCustomValidationCallback +=
                (sender, certificate, chain, sslPolicyErrors) => { return true; };
        return message;
    };
})
.Build();
Chris Halcrow
  • 25,566
  • 14
  • 148
  • 174
Mahdi Ataollahi
  • 3,679
  • 2
  • 20
  • 33
  • Thank you so much! Exactly what I as someone who is using HTTPS was looking for! – The-IT Apr 10 '21 at 08:46
  • I tried many other approaches and this was the only one that worked. This works as a workaround if you're running a .NET Core app (that has a SignalR hub) in Docker using Linux containers. In my case, I successfully set up my .NET Core app that creates the SignalR hub, so that the app used https using the .NET Core self-signed developer certificate, but for some reason when the SignalR hub is running a Linux Docker container, any client connection to the SignalR hub was giving the error `The remote certificate is invalid according to the validation procedure`. – Chris Halcrow May 10 '21 at 03:36
  • worked like a charm – Tiago S Dec 11 '21 at 20:47
3

It seems that the SignalR Core Client is also subject to Https redirection Which is why it wouldn't connect to the http port.

For my use case, I just had to disable it in Startup.cs

GoodOldJack12
  • 163
  • 1
  • 7