none
HttpClient.GetByteArray and WebClient.all of a sudden GetString throw AuthenticationException RRS feed

  • Question

  • I use clickonce to deploy small WPF App .Net 4.6. (visual Studio 2015)

    I had to renew certificate for click once

    since then I can't use neither HttpClient nor WebClient on development pc

    I can deploy application and deployed application can use HttpClient and WebClient w/o Problems

    Kinda stumped here:

    Problem on developement machine ONLY!

    Exception mentions SSL/TLS-channel (but pure http:// call)

    - I already deactivated Firewalls (in case of 443, no change)

    - I tried  System.Net.ServicePointManager.ServerCertificateValidationCallback += (send, certificate, chain, sslPolicyErrors) => true (no Change)

    I'm not sure it has something to do with me changing certificate:

    I deleted old certificate and had vs create new one and exported it and double clicked it/imported it 

    in cvs no changes to relevant files so don't have a clue what it could be

    can open links in Browsers w/o problems

    Case I

     using (var wc = new System.Net.WebClient()) {
              var data = Encoding.Default.GetString(wc.DownloadData(new Uri(request.Link)));  // BOOM

    Case II

            var rawData = await HttpClient.GetByteArrayAsync(new Uri(request.Link));  // BOOM
            var data = Encoding.Default.GetString(rawData);

    Any idea?


    • Edited by WHY Sqr Thursday, April 5, 2018 1:44 PM
    Thursday, April 5, 2018 1:40 PM

Answers

  • Hello ,

    Try again, specifies the version of (SSL/TSL)  security protocol by below code.

      System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
      wc.UseDefaultCredentials = true;
      var data = Encoding.Default.GetString(wc.DownloadData(new Uri("http://www.bundesbank.de/cae/servlet/StatisticDownload?tsId=BBK01.SU0310&its_csvFormat=de&its_fileFormat=csv&mode=its")));

    Best Regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by WHY Sqr Monday, April 9, 2018 8:46 AM
    Monday, April 9, 2018 8:36 AM
    Moderator

All replies

  • Hello,

    what is the entire error message? Did you try to add WebClient.UseDefaultCredentials Property for WebClient instance?

    Best Regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, April 9, 2018 6:42 AM
    Moderator
  • Link: 
    http://www.bundesbank.de/cae/servlet/StatisticDownload?tsId=BBK01.SU0310&its_csvFormat=de&its_fileFormat=csv&mode=its

    code

     using (var wc = new System.Net.WebClient()) {
              wc.UseDefaultCredentials = true;
              var data = Encoding.Default.GetString(wc.DownloadData(new Uri(request.Link))); // BOOM

    Exception:

    Message: "Die Anfrage wurde abgebrochen: Es konnte kein geschützter SSL/TLS-Kanal erstellt werden.." (transl. "request canceled/aborted: secure channel could not be established/created")
    (german dev machine, english vs)
    Status: SecureChannelFailure

    Occurs every time, first time too

    recap

    • Code work for ages, all of a sudden stopped working (only on dev machine) (1 day to next)
    • link can be opened in browser on dev machine w/o problems
    • dev machine: hyper-v guest w10 (also since ages)
    Monday, April 9, 2018 7:39 AM
  • Hello ,

    Try again, specifies the version of (SSL/TSL)  security protocol by below code.

      System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
      wc.UseDefaultCredentials = true;
      var data = Encoding.Default.GetString(wc.DownloadData(new Uri("http://www.bundesbank.de/cae/servlet/StatisticDownload?tsId=BBK01.SU0310&its_csvFormat=de&its_fileFormat=csv&mode=its")));

    Best Regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by WHY Sqr Monday, April 9, 2018 8:46 AM
    Monday, April 9, 2018 8:36 AM
    Moderator
  • Okay, it worked, but:

    WHY?

    Original code has worked quite some time and still works when deployed.

    What changed to make this Tls12 fix necessary?

    Thanks

    Monday, April 9, 2018 8:48 AM
  • Hello ,

    >>Original code has worked quite some time and still works when deployed. What changed to make this Tls12 fix necessary?

    Different machine has possible value of security protocol, which also could be modified constantly by different running environment. If something changed the situation of "all of a sudden" occurs without any notification.

    The MSDN has detailed info about it.

    https://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.securityprotocol(v=vs.110).aspx

    This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections that use the Secure Hypertext Transfer Protocol (HTTPS) scheme only; existing connections are not changed.

    Note that no default value is listed for this property, on purpose. The security landscape changes constantly, and default protocols and protection levels are changed over time in order to avoid known weaknesses. Defaults will vary depending on individual machine configuration, and on which software is installed, and on which patches have been applied.

    Your code should never implicitly depend on using a particular protection level, or on the assumption that a given security level is used by default. If your app depends on the use of a particular security level, you must explicitly specify that level and then check to be sure that it is actually in use on the established connection. Further, your code should be designed to be robust in the face of changes to which protocols are supported, as such changes are often made with little advance notice in order to mitigate emerging threats.

    The .NET Framework 4.6 includes a new security feature that blocks insecure cipher and hashing algorithms for connections. Applications using TLS/SSL through APIs such as HttpClient, HttpWebRequest, FTPClient, SmtpClient, SslStream, etc. and targeting .NET Framework 4.6 get the more-secure behavior by default.

    Developers may want to opt out of this behavior in order to maintain interoperability with their existing SSL3 services OR TLS w/ RC4 services. This article explains how to modify your code so that the new behavior is disabled.

    Best Regards,

    Neil Hu


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, April 9, 2018 9:10 AM
    Moderator
  • Thanks again
    Monday, April 9, 2018 9:14 AM