How x509chain works in C#? I have a problem - x509certificate2

I´m developing a certificate validation module, and I´m using X509Chain for to verify certificates chain. Basically my code is:
X509Chain ch = new X509Chain();
ch.Build(cert);
In Debug mode work perfectly, but when I compile as DLL and I execute I get:
"The chain context handle is invalid"
Any help will be Appreciated! Thanks!

Related

Connection to Microsoft Dynamics 365 working in console app but not in web app

I need to modify my existing code to connect to Microsoft Dynamics 365 instead of an on-premises installation. I'm currently using the Microsoft.Xrm.Tooling.Connector and we want to keep this so that the impact on the code is as low as possible.
So I have updated my connection string to use following format:
AuthType=ClientSecret;url=https://xxx.dynamics.com;ClientId=xxx;ClientSecret=xxx;
I have updated the nuget package Microsoft.CrmSdk.XrmTooling.CoreAssembly to the latest version 9.1.0.64. The other related packages were updated at the same time.
The code I use is:
var client = new CrmServiceClient(connstring);
Unfortunately this is not working in my .net 4.7.1 web.app
I get following errors:
CurrentAccessToken = 'CurrentAccessToken' threw an exception of type 'System.NullReferenceException'
LastCrmError = "One or more errors occurred. => An error occurred while sending the request. => Unable to connect to the remote server => A connection attempt failed because the connected party did not properly respond after a period of time, or established connection fai..."
I have also already tried to add following line but the error stays:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
To be sure that it's not related to my existing web app I have started a new project and I have included a new web app (mvc) and a new console app. Even in that new project the web app is not working but the console app is working.
A difference I see is that for CrmConnectOrgUriActual the console app contains XRMServices/2011/Organization.svc/web?SDKClientVersion=9.0.45.2156 but in the webapp this is only XRMServices/2011/Organization.svc/
Is there maybe something extra that need to be configured in the web app?
Can someone help me with this?
Update
I was able to see more of the error message and it was mentioning also following message: AuthorityUnable to connect to CRM: Need a non-empty authority
I did a new search on "Need a non-empty authority" based on the full error details.
One of the results was the following article: https://www.kashanahmed.com/2020/06/we-were-trying-to-connect-dynamics-365.html
So it seems that my issue was caused by the proxy server of our company.
Adding following lines in the web.config solved my issue
<system.net>
<defaultProxy useDefaultCredentials="true" enabled="true">
<proxy usesystemdefault="True" proxyaddress="http://theproxy" />
</defaultProxy>
</system.net>

Apple Wallet Pass local development with http url

I finished setting up the webservice routes according to Apple documentation and I am able to sign and provide passes. Unfortunately I am experiencing the following problem. When I define the webServiceUrl as "https://localhost:5000/wallet/" the signing of the pass works as expected. I am then using the pass in the iOS Simulator where I have enabled the "Allow Http Services" in the developer settings but I am still getting the "An SSL error has occurred and a secure connection to the server cannot be made" error. Trying then to use http instead of https directly in the definition of the webServiceUrl in the pass.json file produces a signing error. Do you know which steps have to be made to be able to test pass updates locally?
The warning is telling you everything you need to know.
Change your webServiceUrl to http://localhost:5000/wallet/. The developer option means that you don't have to use https and the pass should still install on any device with "Allow Http Services" set.

Make Web Request in iOS to Web Server that Accepts Client Certificates

I am writing an iOS app that hits one of our own web servers to leverage data. The IIS web server is publicly-accessible, has valid cryptography certificates, and uses TLS 1.2. To my knowledge, all that is up to snuff with App Transport Security. When making web requests in the app, the request times out, but more interestingly, this message is logged "NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)".
This IIS server happens to Accept X509 client certificates for a separate use case that does not involve the mobile app. Changing the setting to Ignore results in the iOS app hitting the server fine. I assume the timeout occurs because the server is prompting the app for a client certificate and it doesn't just respond that it doesn't have one. Note, I don't have the client certificates set to Require. I am not sure how to have the iOS app play nicely and just carry on when prompted by the server for a client certificate.
Is there a way to get this to work in iOS while allowing the IIS server to still Accept client certificates? I don't want to diminish ATS by adding hacky exclusions to info.plist.
I don't think it's relevant, but I am developing the iOS app in Xamarin.IOS in C#. A request goes something like this:
using (var client = new WebClient())
{
client.Headers.Add(Constants.RequestHeaders.RequestId, nonce.RequestId.ToString());
client.Headers.Add(Constants.RequestHeaders.Signature, Convert.ToBase64String(nonce.DigitalSignature));
client.Headers.Add(HttpRequestHeader.ContentType, "application/json");
var resultJson = client.UploadString("https://foo.com/Api/Register", json);
}
EDIT:
I was able to resolve this issue by using the library ModernHttpClient available via NuGet. The API site accepts client certificates, but does not require them. In most browsers, this results in a one-time prompt by the browser asking you to specify the cert you'd like to use. However, in iOS, making a programmatic web request by default does not bring up a prompt (of course) nor does it inform the server it does not have a cert to provide. Hence, the request simply timed out. With ModernHttpClient, I found a way to set this behavior to automatically resolve.
var handler = new NativeMessageHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Automatic;
using (var client = new HttpClient(handler))
{ ...
Now it works fine. I'd prefer to not have to include a library just for this very specific purpose, but it works. Perhaps this specific functionality could be distilled into a few lines of code without using the library? Regardless, I'm thankful for ModernHttpClient solving this issue; it's really hacky to change server behavior just to support an iOS quirk.
Can you try change iOS Build setting.
change SSL/TLS implement use * Apple TLS *
change HttpClient implementation use * NSUrlSession *
I had similar problem and using HttpClient to call our public Https API, above setting fixed the issue.

WSO2 EMM, how to get iOS Component or sign CSR by myself?

I am trying with my team to setup a Mobile Device Management tool, but I need some help for the open source one : WSO2 EMM
I have followed offical documentation : https://docs.wso2.com/display/EMM110/Generating+a+MDM+APNS+Certificate
But when I try to get a Signed CSR file via their website, I get no answer : http://wso2.com/products/enterprise-mobility-manager/csr/
It seems to be a mandatory step, I found some messages which said that "By default EMM does not ship iOS components"
Actually, like some others, I get error "500: Something has gone wrong", with following log error
[2015-09-08 04:17:37,443] ERROR {org.jaggeryjs.jaggery.core.manager.WebAppManager} - org.mozilla.javascript.WrappedException: Wrapped org.jaggeryjs.scriptengine.exceptions.ScriptException: org.mozilla.javascript.EcmaError: TypeError: [JavaPackage org.wso2.carbon.emm.ios.core.service.iOSMobilityManagerService] is not a function, it is object. (/emm/modules/iosemm.js#13) (/emm/ios_utils/ca.jag#2)
org.jaggeryjs.scriptengine.exceptions.ScriptException: org.mozilla.javascript.WrappedException: Wrapped org.jaggeryjs.scriptengine.exceptions.ScriptException: org.mozilla.javascript.EcmaError: TypeError: [JavaPackage org.wso2.carbon.emm.ios.core.service.iOSMobilityManagerService] is not a function, it is object. (/emm/modules/iosemm.js#13) (/emm/ios_utils/ca.jag#2)
So my question is how to get these iOS components ? or how to sign the csr by myself ?
Thanks in advance for any kind of help
You might have to wait. You cannot get iOS to work without support of an MDM vendor. You need to get CSR signed by WSO2 or any other MDM vendor and WSO2 iOS components from WSO2. Or you can contact WSO2 directly and ask for help.
http://wso2.com/contact

Atempt to access security API

My project was working fine couple of minutes ago,all of a sudden i run the code and i get
the error below,i added a class but then deleted it,this is how i got the error and i cant seem to grt rid of it,ive cleaned the simulator and my project and when i debug this is the error i get
Module 'StreamingPlayer-1' attempts to access a secure API.
[0.0] AM: Error starting StreamingPlayer: Module 'StreamingPlayer-1' attempts to access a secure API.
....please how do i fix this,
thanks
You have to sign your application! read this...
Code Signing Keys
module attempts to access a secure API
You get 3 CSI Files from RIM when you ask for signing keys. You have to install all three of them before you can effectively sign your app.

Resources