0

I am using a URL to connect with a web service using SOAP. Apparently the URL does not have a correct https protocol and if I want to access it via browser, I need to accept the 'risk' this connection has.

My problem starts when I want to access in programmatically. When I try to send a SOAP POST request, the connection is closed and an exception is caught.

"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

Apparently this problem was common, and a lot of resources could be found, this and this being the most upvoted.

When i tried this part of code:

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

not only the connection did not work, but now I am given a:

"The remote server returned an error: (500) Internal Server Error."

Now my question is. The code above switches the protocol from https to http?

If not what does this line of code really do?

Noel
  • 384
  • 1
  • 3
  • 16
  • "the connection did not work, but now I am given a: "The remote server returned an error: (500) Internal Server Error." Actually this implies the connection _did_ work, but that the remote server crashed while trying to process the request. – ADyson Dec 13 '17 at 16:06
  • "The code above switches the protocol from https to http?" No. The code means that the http stack used for you request will ignore any certificate validation errors and just let the request through. Worth considering that, as written, this will affect all requests to all hosts. – spender Dec 13 '17 at 16:08
  • @spender I have lots of connection, but they are all with the same host so I don't have to worry about that. So basically that piece of code is doing its part and does not 'alter' the URL or connection in any way. So either my request is not correct, or the remote server cannot handle it? – Noel Dec 13 '17 at 16:32
  • @ADyson it was a bad choice of words you are right.. It is understandable though that I wasn't expecting a 500 error code from the connection. – Noel Dec 13 '17 at 16:33
  • @Noel fair enough. Obviously we can't tell because a 500 deliberately obfuscates the server error to protect the server's security, but perhaps the server does not accept http connections? – ADyson Dec 13 '17 at 16:52

1 Answers1

0

I don't know if this will be your answer, but as it is not appropriate for a comment...

Do not bypass certificate validation. You probably only need to set the correct version of TLS. You can experiment to find the highest version supported by using one at time instead of OR'ing them together.:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12

If that doesn't work you may need to obtain a certificate, either the one used by the service or one higher in the certificate chain.

Crowcoder
  • 11,250
  • 3
  • 36
  • 45
  • I think this is the first think i tried.. but i will try again tomorrow when i'll go back to my office cause i dont have the code right now – Noel Dec 13 '17 at 16:48
  • I could try only the first one. `Tls11` and `Tls12` were not known commands to the compiler. – Noel Dec 14 '17 at 07:49
  • What version of .net framework are you using? You need at least 4.5. You may need to update it as most services are starting to require TLS1.1 or 1.2. – Crowcoder Dec 14 '17 at 10:37
  • Yeah I was doubting that has something to do with the version. The current version is 4.0... I am kinda obligated to use Visual Studio 2010 (cause that is the only installed in my working environment). I guess I will stick with bypassing the security protocols for now. – Noel Dec 14 '17 at 10:43
  • That's not going to work if the problem is TLS because that is server-side. – Crowcoder Dec 14 '17 at 10:54