9

I am performing a task to authenticate a Active-directory B2C instance in Azure from a local ToDo WebApp using a local WebAPI service.

I have created 2 Apps App1 and App2, apart from adding a B2C instance in a trial-version subscription of Azure. In local windows 10 OS, in Visual-Studio, I collected code for the ToDo Webapp and WebAPI Service as per a Microsoft-blog here

However, when I start the WebAPI service, and run the ToDoWebapp, the login after creating a user works fine, but after that, for any call to the service, I get the error-page with the message: AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

HttpRequestException: The SSL connection could not be established, see inner exception.

How can one resolve this error?

ΩmegaMan
  • 29,542
  • 12
  • 100
  • 122
Nishanth Battula
  • 95
  • 1
  • 1
  • 5

1 Answers1

13

Please check below points:

  1. Installing the .NET Core SDK installs the ASP.NET Core HTTPS development certificate to the local user certificate store as part of the first-run experience, but it is not trusted. To trust the certificate, perform the one-time step to run the dotnet dev-certs tool.
  2. Check the certificates in the certificate store.Find localhost certificate with the ASP.NET Core HTTPS development certificate both under Current User > Personal > Certificates and Current User > Trusted root certification authorities > Certificates
  3. Try to remove all found certificates by checking carefully from both Personal and Trusted root certification authorities.

Note: Do not remove the IIS Express localhost certificate.

Try to run the following commands in .NET CLI and try again

dotnet dev-certs https --clean
dotnet dev-certs https --trust

Note: Untrusted certificates should only be used during app development. Production apps should always use valid certificates.

References:

  1. Trust the ASP.NET Core HTTPS development certificate on Windows and macOS
  2. Enforce HTTPS in ASP.NET Core | Microsoft Docs
ΩmegaMan
  • 29,542
  • 12
  • 100
  • 122
kavyaS
  • 8,026
  • 1
  • 7
  • 19
  • 7
    I've tried these things. they didn't work – Nishanth Battula May 05 '22 at 11:52
  • If you have x509 certificates, try checking them. I had some unused certificates there and removing those certificates worked for me. In ubuntu the path is ~/.dotnet/corefx/cryptography/x509stores/ca/ – visvk Mar 09 '23 at 12:59