Scuba Steve - 1 month ago
ASP.NET (C#) Question

Asp.net on-premises authentication - The remote certificate is invalid according to the validation procedure

So I'm working with our sysadmin to set up on-premises authentication (with ADFS) for the web tool we're developing here.

I've gone through the setup process, and we're getting an exception when I run the project:

"The remote certificate is invalid according to the validation procedure."

[AuthenticationException: The remote certificate is invalid according to the validation procedure.]
System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +231
System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +15
System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +119


Now I was able to actually reach the sign-in page when I plugged in this bit of code to StartupAuth.cs

using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Registered once at startup (StartupAuth.cs); the callback is process-wide.
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...

// Accepts every server certificate, whatever errors were reported.
static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
    return true;
}


But on login, the system threw another exception. And we don't want to always validate certificates anyway. Interestingly enough, when the sysadmin changed over to a self-signed certificate, we weren't even able to reach the login page. We're using a wildcard certificate, but I'm wondering if that's the problem.

Our sysadmin thinks we may just need to buy a properly signed certificate, but I'm wondering if there's a configuration problem on my end.

Edit: On further investigation, I've gotten a meaningful error message. Here's the debug output (I've replaced cert serial numbers and URLs with 'xxx'):

Looking at Security Cert. Issuers...
System.Security.Cryptography.X509Certificates.X509Chain
CN=xxxxx.xxxx.org
Checking elements in X509 Chain:
UntrustedRoot
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Answer

We've been able to solve the security certificate issue by installing the certificate on the ADFS server onto my dev machine under 'Trusted Root Certification Authorities'.
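The certificate to install is the one at the top of the chain that Windows reported as untrusted: the self-signed root of the issuing CA, or the ADFS certificate itself if it is self-signed. As an added example, not code from the original answer, the following checks from the dev machine whether an exported certificate chains to a trusted root (reporting the same UntrustedRoot status the question shows when it does not) and performs the programmatic equivalent of the MMC import into the current user's Trusted Root Certification Authorities store. The file path is a placeholder.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the original answer). Verifies, on the dev machine,
// whether the ADFS certificate chains to a trusted root and, if not, imports it
// into the current user's Trusted Root Certification Authorities store.
static class AdfsTrustCheck
{
    // ASSUMPTION (placeholder): the certificate exported from the ADFS server,
    // DER or Base64 .cer.
    const string ExportedCertPath = @"C:\certs\adfs-root.cer";

    // Builds the chain with the same defaults SslStream uses and prints every
    // status flag (e.g. UntrustedRoot before the import, nothing after) and
    // every element from leaf to root.
    public static bool ChainsToTrustedRoot(X509Certificate2 cert)
    {
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool ok = chain.Build(cert);
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine("{0}: {1}", s.Status, s.StatusInformation.Trim());
        for (int i = 0; i < chain.ChainElements.Count; i++)
            Console.WriteLine("  [{0}] {1}", i, chain.ChainElements[i].Certificate.Subject);
        return ok;
    }

    // Equivalent of the MMC import the answer describes, scoped to the current
    // user so the machine-wide store is untouched. Development machines only,
    // and only for a certificate whose thumbprint you verified on the ADFS server.
    public static void ImportIntoTrustedRoot(X509Certificate2 cert)
    {
        var store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.Add(cert);   // adding a certificate that is already present is a no-op
        }
        finally
        {
            store.Close();
        }
    }

    public static void Main()
    {
        var cert = new X509Certificate2(ExportedCertPath);
        Console.WriteLine("Subject:    {0}", cert.Subject);
        Console.WriteLine("Thumbprint: {0}", cert.Thumbprint);   // compare with the value read on the ADFS server

        if (ChainsToTrustedRoot(cert))
        {
            Console.WriteLine("Already trusted; nothing to do.");
            return;
        }

        ImportIntoTrustedRoot(cert);
        Console.WriteLine("Trusted after import: {0}", ChainsToTrustedRoot(cert));
    }
}
```

Adding to the CurrentUser Root store from an interactive session pops up the same Windows security warning the MMC wizard shows, naming the certificate's thumbprint; that dialog is the place to compare it with the value read on the ADFS server before clicking Yes. If the chain still reports anything other than no errors afterwards (NotTimeValid, RevocationStatusUnknown, a name that does not match the ADFS host), that is a separate problem from trust and installing more certificates will not fix it.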