Scuba Steve Scuba Steve - 1 year ago 138
ASP.NET (C#) Question on-premises authentication - The remote certificate is invalid according to the validation procedure

So I'm working with our sysadmin to setup on-premises authentication (with ADFS) for the web tool we're developing here.

I've gone through the setup process, and we're getting an exception when I run the project:

"The remote certificate is invalid according to the validation procedure."

[AuthenticationException: The remote certificate is invalid according to the validation procedure.]
System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +231
System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +15
System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +119

Now I was able to actually reach the sign-in page when I plugged in this bit of code to StartupAuth.cs

ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);

static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
return true;

But on login, the system threw another exception. And we don't want to always validate certificates anyway. Interestingly enough, when the sysadmin changed over to a self-signed certificate, we weren't even able to reach the login page. We're using a wildcard certificate, but I'm wondering if that's the problem.

Our sysadmin thinks we may just need to buy a properly signed certificate, but I'm wondering if there's a configuration problem on my end.

Edit: On further investigation, i've gotten a meaningful error message. Here's the debug output (I've replaced cert serial numbers and URLs with 'xxx'):

Looking at Security Cert. Issuers...
Checking elements in X509 Chain:
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Answer Source

We've been able to solve the security certificate issue by installing the certificate on the ADFS server onto my dev machine under 'Trusted Root Certification Authorities'.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download