search

dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License
15.41k stars 4.76k forks source link

[.NET 9.0 Regression] "Credentials supplied to the package were not recognized" when using certificates with wcf client #110067

Open julienGrd opened 8 hours ago

julienGrd commented 8 hours ago

Description

Hello guys, i have a piece of code in my app which call a soap service using wcf client and certificate authentification.

This code work fine in .net8.0, but after upgrading to .net9.0 it stopped working and finish with this exception "Credentials supplied to the package were not recognized".

I was wondering which change made in the framework can explain that.

this is the part where i configure the service

  private void ManageEndpoint<T>(ClientBase<T> pClient) where T: class
  {
      pClient.Endpoint.Address = new EndpointAddress(_urlService);
      ServicePointManager.Expect100Continue = true;
      ServicePointManager.DefaultConnectionLimit = 9999;
      ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
      try
      {
         X509Certificate2 lAuthCertificate = new X509Certificate2(this._certif.CertifContent, this._certif.Password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

          if (lAuthCertificate != null && pClient.Endpoint.Address.Uri.AbsoluteUri.StartsWith("https"))
          {

              //Ajout du certificat d’authentification aux crédentials pour etablir la connexion TLS
              if (pClient.ClientCredentials != null) pClient.ClientCredentials.ClientCertificate.Certificate = lAuthCertificate;

              System.Net.ServicePointManager.ServerCertificateValidationCallback += CertificateValidationCallBack;

              CheckCertificates();
          }
      }
      catch (Exception ex)
      {
          throw new Exception("Certificat INS invalide : " + ex.Message);
      }
  }

  private bool CertificateValidationCallBack(
                                                  object sender,
                                                  System.Security.Cryptography.X509Certificates.X509Certificate certificate,
                                                  System.Security.Cryptography.X509Certificates.X509Chain chain,
                                                  System.Net.Security.SslPolicyErrors sslPolicyErrors)
  {
     return certificate.Subject.Contains("services-ps-tlsm.ameli.fr");
  }

Interesting things : since .net 9.0, all call to ServicePointManager are flag obsolete. But i don't know it the error can come frome here. The "new X509Certificate2" is also obsolete but if i change for "X509CertificateLoader.LoadPkcs12" i still have same error.

This error is really annoying for me, it would be really a pain to come back in .net 8.0 as i already upgraded many client.

Unfortunately i can't give a repro project as there is very sensitives informations, especially the certificate used for connexion (but if its really necessary, i will check that).

Do you have some tips on how i can debug that or if you know which changes can explain that ?

This issue is high priority for me.

thanks !

Reproduction Steps

calling wcf service with client certificate authentication

Expected behavior

Have the same behavior wetween .net8.0 and .net9.0

Actual behavior

the code throw exception in .net9.0

Regression?

yes, was working in .net8.0

Known Workarounds

no workaround for now

Configuration

.net9, win-x64

Other information

No response

dotnet-policy-service[bot] commented 5 hours ago

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.