2

In Server1 - (IIS hosted, Self Signed Certificate)

  • I hosted the IdentityServer3 named myDevIds3.com , the Url is exposed to internet, with SSL.
  • I hosted the ASP.Net MVC Client, which uses ids3 for login, works fine.
  • I hosted the Web API, which is called by the MVC Client, uses ids3 (in the same server), works fine.

In Development Server / Box.

  • I hosted MVC client (X), which uses client side js famework (https://github.com/IdentityModel/oidc-client-js) to connect to Server1 hosted ids3 (myDevIds3.com), works fine.
  • I hosted an Web API, which is called by MVC Client (X), while API uses myDevIds3.com for authorisation. [HERE is the problem]

When I try to access this Web API, I am getting an error in the Startup.cs - The remote certificate is invalid according to the validation procedure.

BUT I tried in other way.

  • I hosted another IdentityServer3, the MVC Client, the API also in development box, mapped to local identityserver3 with MVC client & apit, looks everything seems to be working with out any issue. If I put everything together in one box, everything seems to be working.

What is wrong in accessing the remote machine IdentityServer3 in Web API which is hosted in local development Box ? Why I am able to access from the browser, but not from development box IIS ?

Appreciate your time and inputs.

Sivalingaamorthy
  • 983
  • 2
  • 9
  • 26

2 Answers2

2

Because your ssl cert is probably home made and not trusted. Guessing Chrome also gives you warning about this (?).

John Korsnes
  • 2,277
  • 2
  • 20
  • 31
  • yes you are right, it was a self signed certificate hosted in server1. So having trusted certificate in the ids3 server (myDevIds3.com), will solve the problem ? So that my Web API in the develop can use the ids3 hosted centralised ? Please suggest. – Sivalingaamorthy Aug 07 '16 at 10:38
  • Thanks John it clarifies, appreciate your time. – Sivalingaamorthy Aug 09 '16 at 07:59
1

CAUTION: This solution is not recommended for production, but this can be used for non production environments, where your data is not critical.

Add below code in Startup.cs (Web API)

ServicePointManager
    .ServerCertificateValidationCallback += 
    (sender, cert, chain, sslPolicyErrors) => true;

This can be refered in below link aswell.

C# Ignore certificate errors?

I found this solution helpful, since I want to have identityserver3 DEV hosted centralised and multiple developers need to access it. Hope it might help someone.

Community
  • 1
  • 1
Sivalingaamorthy
  • 983
  • 2
  • 9
  • 26