1

I'm trying to simply connect to the AWS IoT Mqtt broker and get the following:

"Error while authenticating. Extended authentication handler is not yet supported"

The policies for the thing are set for subscription, connection, receive and publish. I searched for some answers but didn't find anything even close to this issue.

Below is the code I'm using, any help would be greatly appreciated.

    public async Task MqttConnect()
    {
        try
        {
            // Create a new MQTT client.
            var factory = new MqttFactory();
            var mqttClient = factory.CreateMqttClient();

            var caCert = X509Certificate.CreateFromCertFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, @"certificates\AmazonRootCA1.pem"));
            var clientCert = new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, @"certificates\Alt-ThingCert.pfx"), "");

            //This is a helper class to allow verifying a root CA separately from the Windows root store
            rootCertificateTrust = new RootCertificateTrust();
            rootCertificateTrust.AddCert(caCert);

            // Certificate based authentication
            List<X509Certificate> certs = new List<X509Certificate>
            {
                caCert,
                clientCert
            };

            //Set things up for our MQTTNet client
            //NOTE: AWS does NOT support will topics or retained messages
            //If you attempt to use either, it will disconnect with little explanation

            MqttClientOptionsBuilderTlsParameters tlsOptions = new MqttClientOptionsBuilderTlsParameters();
            tlsOptions.Certificates = certs;
            tlsOptions.SslProtocol = System.Security.Authentication.SslProtocols.Tls12;
            tlsOptions.UseTls = true;
            tlsOptions.AllowUntrustedCertificates = true;
            tlsOptions.CertificateValidationHandler += rootCertificateTrust.VerifyServerCertificate;

            var options = new MqttClientOptionsBuilder()
                .WithTcpServer(MQTT_Host, MQTT_Port)
                .WithClientId(Guid.NewGuid().ToString())
                .WithTls(tlsOptions)
                .WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V500)
                .Build();

            await mqttClient.ConnectAsync(options, CancellationToken.None);

            var message = new MqttApplicationMessageBuilder()
                .WithTopic("HeartBeats")
                .WithPayload("Hello World")
                .Build();

            await mqttClient.PublishAsync(message, CancellationToken.None);

            Console.WriteLine("==>message sent");
        }
        catch (Exception ex)
        {
            string msg = ex.Message;
        }
    }

I executed the code and get an error when trying to connect to AWS IoT.

"Error while authenticating. Extended authentication handler is not yet supported"

FrankL
  • I got the same issue when trying to connect to our server (which requires client certificate auth). I just link the GitHub discussion (it did not help me): https://github.com/dotnet/MQTTnet/discussions/1786 – hbertsch Jul 11 '23 at 09:23

1 Answer

0

For me the issue was that I chose the wrong MQTT protocol version.

Maybe you should check which protocol version your server is using and set the

.WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V500)

in your MqttClientOptionsBuilderTlsParameters.

Hope this helps. E.g.:

    var mqttClientOptions = new MqttClientOptionsBuilder()
        .WithTcpServer(
            connectionInfo.MqttConnectionInformation.MqttUri,
            connectionInfo.MqttConnectionInformation.MqttPort)
        .WithClientId(connectionInfo.MqttConnectionInformation.ClientId)
        .WithTls(new MqttClientOptionsBuilderTlsParameters
        {
            UseTls = true,
            SslProtocol = System.Security.Authentication.SslProtocols.Tls12,
            Certificates = new[] { Your_Client_Certificate },
            CertificateValidationHandler = delegate { return true; },
        })
        .WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V500)
        .Build();

hbertsch
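
Both snippets above relax server certificate checking (`AllowUntrustedCertificates = true` in the question, `delegate { return true; }` in the answer). As an added example, not code from either post or from MQTTnet, here is a validation handler that accepts the broker only when its chain builds to one pinned root such as the `AmazonRootCA1.pem` file the question loads. The `PinnedRootValidator` class is hypothetical, .NET 5 or later is assumed for `X509ChainTrustMode.CustomRootTrust`, and the wiring in the trailing comment assumes the handler argument exposes `Certificate`, `Chain` and `SslPolicyErrors`.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: hypothetical helper, not part of MQTTnet or the posts above.
public sealed class PinnedRootValidator
{
    private readonly X509Certificate2 _pinnedRoot;

    // rootCaPath: e.g. the AmazonRootCA1.pem file loaded in the question.
    public PinnedRootValidator(string rootCaPath)
    {
        _pinnedRoot = new X509Certificate2(rootCaPath);
    }

    public bool Validate(X509Certificate serverCert, X509Chain presentedChain,
                         SslPolicyErrors errors)
    {
        if (serverCert == null)
            return false;

        // A host name mismatch or a missing certificate is never acceptable.
        // Chain errors are re-evaluated below against the pinned root only.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNameMismatch
                                    | SslPolicyErrors.RemoteCertificateNotAvailable;
        if ((errors & fatal) != 0)
            return false;

        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(_pinnedRoot);

        // Reuse the intermediates the broker sent during the handshake.
        if (presentedChain != null)
        {
            foreach (X509ChainElement element in presentedChain.ChainElements)
                chain.ChainPolicy.ExtraStore.Add(element.Certificate);
        }

        using var leaf = new X509Certificate2(serverCert);
        return chain.Build(leaf);
    }
}

// Wiring (assumed property names on the handler argument):
// var validator = new PinnedRootValidator(@"certificates\AmazonRootCA1.pem");
// CertificateValidationHandler = ctx =>
//     validator.Validate(ctx.Certificate, ctx.Chain, ctx.SslPolicyErrors),
```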