Web Public The SSL connection could not be established when published on IIS #11844

Closed
ahmadmasoum opened this issue Mar 8, 2022 · 7 comments

@ahmadmasoum

ahmadmasoum commented Mar 8, 2022

ABP Framework version: 5.1.4.

  • Your User Interface: MVC
  • Your database provider: EF Core
  • Exception message and stack trace
2022-03-08 12:54:23.756 +03:00 [INF] Request starting HTTP/2 GET https://www.carsharing.com/webPublic - -
2022-03-08 12:54:23.758 +03:00 [WRN] Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
2022-03-08 12:54:23.758 +03:00 [INF] Start processing HTTP request GET "https://www.carsharing.com/ApiHost/api/abp/application-configuration?api-version=1.0"
2022-03-08 12:54:23.758 +03:00 [INF] Sending HTTP request GET "https://www.carsharing.com/ApiHost/api/abp/application-configuration?api-version=1.0"
2022-03-08 12:54:23.765 +03:00 [ERR] Connection ID "17005592223821070602", Request ID "4000010b-0007-ec00-b63f-84710c7967bb": An unhandled exception was thrown by the application.
Volo.Abp.Http.Client.AbpRemoteCallException: An error occurred during the ABP remote HTTP request. (The SSL connection could not be established, see inner exception.) See the inner exception for details.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
   --- End of inner exception stack trace ---
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
   at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ClientProxies.AbpApplicationConfigurationClientProxy.GetAsync()
   at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.<GetAsync>b__14_0()
   at Volo.Abp.Caching.DistributedCache`2.GetOrAddAsync(TCacheKey key, Func`1 factory, Func`1 optionsFactory, Nullable`1 hideErrors, Boolean considerUow, CancellationToken token)
   at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetAsync()
   at Volo.Abp.AspNetCore.Mvc.Client.RemoteLanguageProvider.GetLanguagesAsync()
   at Microsoft.AspNetCore.RequestLocalization.DefaultAbpRequestLocalizationOptionsProvider.GetLocalizationOptionsAsync()
   at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.InvokeCore(HttpContext context, String matchedPath, String remainingPath)
   at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
2022-03-08 12:54:23.765 +03:00 [INF] Request finished HTTP/2 GET https://www.carsharing.com/webPublic - - - 500 - - 8.3926ms
  • Steps needed to reproduce the problem.

I've published HttpApi.Host and IdentityServer on IIS and they are working correctly.

https://www.carsharing.com/ApiHost
https://www.carsharing.com/IdentityServer

But when I publish Web.Public I get the error above.
I checked all configurations in appsettings and they are correct.

I

        ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) =>
        {
            return true;
        };

and

        options.BackchannelHttpHandler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
        };

in the AddAuthentication method in the Web.Public project to accept any certificate, but with no luck.

Note: I'm using a self-signed certificate.

Web.Public appsettings

{
  "App": {
    "SelfUrl": "https://www.carsharing.com/WebPublic"
  },
  "Redis": {
    "Configuration": "127.0.0.1"
  },
  "RemoteServices": {
    "Default": {
      "BaseUrl": "https://www.carsharing.com/ApiHost"
    },
    "AbpAccountPublic": {
      "BaseUrl": "https://www.carsharing.com/ApiHost"
    }
  },
  "AuthServer": {
    "Authority": "https://www.carsharing.com/IdentityServer",
    "RequireHttpsMetadata": "true",
    "ClientId": "CarSharing_Web_Public_Tiered",
    "ClientSecret": "1q2w3e*"
  }
}
@maliming
Member

maliming commented Mar 9, 2022

The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch

ServerCertificateValidationCallback in which project?

@ahmadmasoum
Author

> The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
>
> ServerCertificateValidationCallback in which project?

In Web.Public, HttpApi.Host and IdentityServer.

HttpApi.Host and IdentityServer

        context.Services.AddAuthentication()
            .AddJwtBearer(options =>
            {
                // Disables all server certificate validation on the backchannel
                options.BackchannelHttpHandler = new HttpClientHandler
                {
                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                };
            });

Web.Public

        context.Services.AddAuthentication()
            .AddAbpOpenIdConnect("oidc", options =>
            {
                // Disables all server certificate validation on the backchannel
                options.BackchannelHttpHandler = new HttpClientHandler
                {
                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                };
            });

@maliming
Member

maliming commented Mar 9, 2022

Please try to configure the HttpClient's handler.

#5304

@gterdem
Contributor

gterdem commented Mar 9, 2022

I think you are trying to bypass SSL verification for identityserver. You can generate a self-signed pfx file and use it in identityserver for signing the tokens as in this sample.

@ahmadmasoum
Author

Adding

        PreConfigure<AbpHttpClientBuilderOptions>(options =>
        {
            options.ProxyClientBuildActions.Add((remoteServiceName, clientBuilder) =>
            {
                clientBuilder.ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler
                {
                    ClientCertificateOptions = ClientCertificateOption.Manual,
                    // Accepts every server certificate, whatever the policy errors
                    ServerCertificateCustomValidationCallback =
                    (httpRequestMessage, cert, certChain, policyErrors) =>
                    {
                        return true;
                    }
                });
            });
        });

to

public override void PreConfigureServices(ServiceConfigurationContext context)

while keeping

        context.Services.AddAuthentication()
            .AddAbpOpenIdConnect("oidc", options =>
            {
                // Disables all server certificate validation on the backchannel
                options.BackchannelHttpHandler = new HttpClientHandler
                {
                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                };
            });

worked just fine.
Thank you.
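
Added example, not part of the thread and not ABP's own code: a narrower alternative to the `return true` callback above, which accepts the server certificate only when normal validation passes or when its SHA-256 thumbprint equals one pinned value. `PinnedCertificateValidator`, `CreateHandler` and `IsAcceptable` are hypothetical names, and the thumbprint is a placeholder the caller supplies.

```csharp
#nullable enable
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not an ABP or .NET type.
public static class PinnedCertificateValidator
{
    // pinnedSha256Hex: SHA-256 thumbprint of the one self-signed certificate to
    // trust, as 64 hex characters (supplied from configuration by the caller).
    public static HttpClientHandler CreateHandler(string pinnedSha256Hex)
    {
        byte[] pinned = Convert.FromHexString(pinnedSha256Hex);
        if (pinned.Length != 32)
            throw new ArgumentException("Expected 64 hex characters (SHA-256).", nameof(pinnedSha256Hex));

        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => IsAcceptable(cert, errors, pinned)
        };
    }

    public static bool IsAcceptable(X509Certificate2? cert, SslPolicyErrors errors, byte[] pinned)
    {
        // Platform validation passed (trusted chain, matching host name).
        if (errors == SslPolicyErrors.None)
            return true;

        // The server presented no certificate at all: always reject.
        if (cert is null || errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            return false;

        // RemoteCertificateNameMismatch or an untrusted chain: accept only if the
        // certificate has the pinned thumbprint, compared in constant time.
        byte[] actual = cert.GetCertHash(HashAlgorithmName.SHA256);
        return CryptographicOperations.FixedTimeEquals(actual, pinned);
    }
}

// Usage inside the ProxyClientBuildActions callback from the thread
// (the thumbprint string is a placeholder for your own certificate's value):
//   clientBuilder.ConfigurePrimaryHttpMessageHandler(() =>
//       PinnedCertificateValidator.CreateHandler("<SHA-256 thumbprint>"));
```

Pinning still skips the host-name check for that one certificate. Reissuing the self-signed certificate with a subject alternative name that matches the host, and trusting it on the server, removes the need for any callback.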

@muhammadyudhat

Hello everyone

How is the implementation in the latest version of ABP (ABP CLI 8.1.3)?

Already tried
https://docs.abp.io/en/commercial/latest/startup-templates/application/deployment-iis?UI=Blazor&DB=EF&Tiered=No

Your User Interface: Blazor
Your database provider: EF Core

Exception message and stack trace

On Postman:
Access from public IP: Unable to verify the first certificate

