I have the following code (need to change C# to version 7.1+) running in my company network. It works in the full .NET Framework but not in a .NET Core 2.1 application. Why? (Checking the certificate of the https sites will show some of the certificates are issued by my company.)

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public static class Program
{
    // An async Main method requires C# 7.1 or later.
    public static async Task Main(string[] args)
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
        var client = new HttpClient();
        var response = await client.GetAsync("https://usbtrustgateway.usbank.com/portal/");
        response.EnsureSuccessStatusCode();
        var content = await response.Content.ReadAsStringAsync();
        Console.WriteLine(content);
    }
}
```

It gets the following exception on the line `client.GetAsync(...)` in .NET Core:

```text
Exception thrown: 'System.Net.Http.HttpRequestException' in System.Private.CoreLib.dll ("The SSL connection could not be established, see inner exception.")
Exception thrown: 'System.Net.Http.HttpRequestException' in System.Private.CoreLib.dll ("The SSL connection could not be established, see inner exception.")
Hyperlink: Activate Historical Debugging 0.95s [15948] Worker Thread
```

The inner exception is

An existing connection was forcibly closed by the remote host

ca9163d9
  • You need to get System.Net from Nuget instead of the full framework version you used before. – Crowcoder Aug 03 '18 at 19:08
  • @ca9163d9 if you comment out the first line (the service point manager) do you get the same issue? – maccettura Aug 03 '18 at 19:10
  • @maccettura I got the same error. – ca9163d9 Aug 03 '18 at 19:14
  • @Crowcoder, I installed `System.Net.Http` and still get the same error. – ca9163d9 Aug 03 '18 at 19:15
  • What's the inner exception? – mason Aug 03 '18 at 19:16
  • Yeah, that's what I meant - [this one right?](https://www.nuget.org/packages/System.Net.Http/) – Crowcoder Aug 03 '18 at 19:16
  • @Crowcoder, yes, it's the one. – ca9163d9 Aug 03 '18 at 19:18
  • It doesn't make sense that you would get that error creating the instance. It would come when you attempted a request. – Crowcoder Aug 03 '18 at 19:21
  • @mason the inner exception is "An existing connection was forcibly closed by the remote host" – ca9163d9 Aug 03 '18 at 19:29
  • @Crowcoder, I copied the wrong line when composing the question. It should be `client.GetAsync(...)`. Fixed the question. – ca9163d9 Aug 03 '18 at 19:30
  • Copy pasted your code and it works on my machine (.NET Core 2.1 / C# 7.1). So the problem is not with the code... – huysentruitw Aug 03 '18 at 19:37
  • Works on mine as well with .Net Core 2.0 - it might be an issue with the SSL certificate not being accepted by your machine, or you being behind a proxy? – Christoph Sonntag Aug 03 '18 at 19:38
  • @WouterHuysentruit, I was using C# 7.3. Let me try it for C# 7.1 and see if it works. Tried C# 7.1 and got the same error. – ca9163d9 Aug 03 '18 at 19:38
  • @Compufreak, yes, my company IT hijacked the certification. But why does the full .Net framework work? – ca9163d9 Aug 03 '18 at 19:39
  • Maybe a less strict certificate check? Are they doing man-in-the-middle sniffing? :o – huysentruitw Aug 03 '18 at 19:40
  • I am not sure, maybe it doesn't completely validate the certificate? There should be events available to override the certificate validation on the HttpClient (that should be used with care). – Christoph Sonntag Aug 03 '18 at 19:41
  • @WouterHuysentruit, not sure, in chrome browser, the certificate of https is always issued by my company. – ca9163d9 Aug 03 '18 at 19:43
  • The best way of debugging is to use a sniffer like wireshark or fiddler. Compare working with non-working. Compare http headers. Usually solution is to add missing header to non-working. – jdweng Aug 03 '18 at 20:19
  • It's likely that it's just the version of TLS being used. Newer frameworks use more secure protocols by default and the server needs to support them. – George Helyar Aug 03 '18 at 20:30
  • Tested with .Net Core 2.1, System.Net.Http 4.3.3, C# 7.3, VS 15.7.6. That site is responding with normal parameters. You need a static HttpClient setup. The Tls validation does not require any "special" settings. The `CookieContainer` can be clean. It will contain 3 cookies after validation. I can post the code I used, should it be needed. – Jimi Aug 03 '18 at 21:32

1 Answer

I've been following this thread for a while, and I'm curious if the following will fix it. We ran into a similar issue with .Net Core.

In your appsettings.json, try adding...

"DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER": "0"

Example:

```json
{
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "launchUrl": "https://localhost:44349/",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER": "0"
      }
    }
  }
}
```
GetFuzzy
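
To tell apart the two explanations raised in the comments (a company-issued interception certificate versus a TLS version mismatch), the following added example, which is not part of the original thread, performs the handshake with `SslStream` once per protocol version from the question and logs the certificate the client actually receives. The class name `TlsProbe` and its helper methods are hypothetical; the callback only logs and returns the platform's own verdict, so certificate validation is not weakened.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class TlsProbe // hypothetical diagnostic, not from the thread
{
    // Host taken from the question; pass another host as the first argument.
    private const string DefaultHost = "usbtrustgateway.usbank.com";

    public static async Task Main(string[] args)
    {
        var host = args.Length > 0 ? args[0] : DefaultHost;
        // Same protocol versions the question enables via ServicePointManager.
        foreach (var protocol in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
            await ProbeAsync(host, 443, protocol);
    }

    private static async Task ProbeAsync(string host, int port, SslProtocols protocol)
    {
        try
        {
            using (var tcp = new TcpClient())
            {
                await tcp.ConnectAsync(host, port);
                using (var ssl = new SslStream(tcp.GetStream(), false, LogCertificate))
                {
                    await ssl.AuthenticateAsClientAsync(host, null, protocol, false);
                    Console.WriteLine($"{protocol}: handshake OK, negotiated {ssl.SslProtocol}");
                }
            }
        }
        catch (Exception ex)
        {
            // A reset before any certificate is logged points at protocol or
            // network filtering; a failure after it points at chain trust.
            Console.WriteLine($"{protocol}: failed - {ex.GetType().Name}: {ex.GetBaseException().Message}");
        }
    }

    // Logs what the server (or an intercepting proxy) presented.
    private static bool LogCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine($"  subject: {cert?.Subject}");
        Console.WriteLine($"  issuer:  {cert?.Issuer}");
        Console.WriteLine($"  policy errors: {errors}");
        return errors == SslPolicyErrors.None; // keep the platform's verdict
    }
}
```

Running it under both the full framework and .NET Core on the same machine shows whether the two runtimes see the same issuer and the same policy errors, or whether the connection is closed before a certificate arrives.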