1

I have created an Excel VSTO Add-In, which connects to an API using IdentityModel to get a token and to send and receive data from a website. This has worked quite well, until a couple of days ago. On Windows 7 environments I get the message

An error occurred while sending the request. The underlying connection was closed: An unexpected error occurred on a send.

because tokenResponse.HttpStatusCode = 0

The full message is Error during login: 0: An error occurred while sending the request.

This error does not appear on Windows 10 environments.

What changed in the previous days was that the website has disabled certain ciphers, because SSLlabs said they were to weak to give the site an A+ rating. It is for instance not possible anymore to access the website by using IE11 on Windows 7, but it is possible to use IE11 on Windows 10.

My code to get the accesstoken is as follows:

Imports IdentityModel.Client
Imports System.Net.Http    
Function Login(weblink As String, username As String, password As String) As String
    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
    Try
         Dim tokenClient As New HttpClient()
         Dim tokenResponse As TokenResponse = tokenClient.RequestPasswordTokenAsync(New PasswordTokenRequest With {.ClientId = "clientid", .Address = weblink & "/connect/token", .UserName = username, .Password = password, .Scope = "scope", .GrantType = "password"}).Result
         If tokenResponse.HttpStatusCode = System.Net.HttpStatusCode.OK Then
             Return tokenResponse.AccessToken
         Else
             MsgBox("Error during login: " & tokenResponse.HttpStatusCode & ": " & tokenResponse.Exception.Message & "  " & tokenResponse.Exception.InnerException.Message)
             Return ""
         End If
    Catch ex As Exception
         MsgBox("Error during login: " & ex.Message)
         Return ""
    End Try
    End function

This codes worked perfectly and still works perfectly on Windows 10. I thought that the HttpClient would use somekind of default cipher suite which is not allowed anymore and I thought that maybe there would be a way of forcing the HttpClient to use an allowed cipher suite, but I haven't found anything yet.

Does someone have any idea how I can solve this? I would be very grateful!

Alex de Jong
  • 1,257
  • 1
  • 11
  • 23
  • 1
    *An error occured while sending the request*. This is not the exception. That's the first part of the description. What is the status code? Don't catch `Exception`, catch `WebException`. Take a look at what was exchanged, possibly using Fiddler or WireShark. The notes here: [Which TLS version was negotiated?](https://stackoverflow.com/a/48675492/7444103) might help to determine the TLS protocol and the cyphers exchanged in the HandShake. Windows 7 must be updated. The last security update was issued this month. – Jimi Jul 24 '19 at 13:48
  • Thank you for helping me. I'm sorry I wasn't clear before. It doesn't go to the exception. The HttpStatusCode is 0 and therefore it goes to the `else` part. – Alex de Jong Jul 24 '19 at 13:55
  • Yes, but do you have a response? Also, let HttpClient throw on StatusCodes > 399. Btw, you should use the async methods as async. You're blocking on async code as of now. Depending on how/where this code is used, this can also cause misbehaviours of all kinds. – Jimi Jul 24 '19 at 14:00
  • `tokenResponse` exists if that's what you mean, because the message comes from `tokenResponse.Error`. The actual response should be `tokenResponse.AccessToken`, but that one is empty. – Alex de Jong Jul 24 '19 at 14:14

0 Answers0