Ends in:
7 DAYS
12 HRS
39 MIN
35 SEC
Ends in:
7 D
12 H
39 M
35 S
Open Closed

RemoteCertificateNameMismatch in production environment when using external provider #6184


User avatar
0
ageiter created
  • ABP Framework version: v7.4.0
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no

Exception message and full stack trace:

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch

Details:

We use Microsoft Azure as an external login provider. On my development system, everything works fine with the Microsoft login (with another Microsoft Entra ID instance).

When I wanted to install this on our customer's test system and tested the connection to their Entra ID, the authentication could be performed, but the above error occurred during the callback.

The customer, a large company with various security systems, then looked in the firewall and noticed that the callback from Microsoft had landed in their honeypot. He thinks that the reason is probably that the request from our application did not go through the proxy (although this is configured system-wide on the server).

Could this have something to do with the proxy and can I set it explicitly in the application? Or does it have to do with something completely different?


2 Answer(s)
  • User Avatar
    0
    ageiter created

    We have found the solution. The problem was really with the proxy. A proxy was configured system-wide, but the IIS ignored it and sent the request directly to Microsoft. The response then contained the certificate of the honeypot server and not that of Microsoft, resulting in the RemoteCertificateNameMismatch.

    Unfortunately, it was not enough to define the proxy in IIS web.config. We had to create a wpad.dat file (for Web Proxy Auto-Discovery). Then the IIS selected the correct route.

    Would be nice if you could refund me the question.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    I've refunded your question. Thank you.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06