[CSHARP-2449] Connection issue with certs after deployment of asp core website to domain but work good if run local on same server
Created: 08/Dec/18  Updated: 05/Apr/19  Resolved: 17/Dec/18

Status: Closed
Project: C# Driver
Component/s: Security
Affects Version/s: 2.7.2
Fix Version/s: None

Type: Task
Priority: Critical - P2
Reporter: Alaa Mohammed Ali Abu Nassar
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: C#, driver, question, security, ssl-certificate
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: Windows Server 2016


 Description   

I have an issue that I couldn't solve till now.

I set up Windows Server 2016 with 3 domains and the Plesk panel. I installed MongoDB Server 4.0.4. I made a self-signed CA SSL certificate and imported it into Trusted Root, and I issued a server PEM and client PFX and PEM certificates.

On the server, I connect with the client certificate from CMD and it WORKS. On my machine I used the same settings and connected from CMD and from the ASP.NET Core app through the C# driver, and it works.

But when I publish the app on the server it does not work and gives me this error:

 

TimeoutException: A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "3", ConnectionMode : "Automatic", Type : "Unknown", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 3, EndPoint : "127.0.0.1:27017" }", EndPoint: "127.0.0.1:27017", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---> System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface secModule, String package, CredentialUse intent, SCHANNEL_CRED scc)
at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(CredentialUse credUsage, SCHANNEL_CRED secureCredential)
at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(X509Certificate certificate, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__46_2(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at MongoDB.Driver.Core.Connections.SslStreamFactory.CreateStreamAsync(EndPoint endPoint, CancellationToken cancellationToken)
at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken)
at MongoDB.Driver.Core.Servers.ServerMonitor.HeartbeatAsync(CancellationToken cancellationToken)" }] }.

But the same code works on my local machine without any problems. This is the connection code:

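using System.Collections.Generic;
using System.IO;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

// Fragment: config, env and _database are defined elsewhere in the application (not shown in the ticket).
// Build the connection string from configuration: <protocol>://<host>:<port>/<database>
var connectionString = config["Database:protocol"] + @"://" + config["Database:Url"] + ":" + config["Database:Port"] + @"/" + config["Database:DbName"];
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));

// Enable TLS and present the client certificate loaded from a PFX file under the content root.
clientSettings.SslSettings = new SslSettings();
clientSettings.UseSsl = true;
clientSettings.SslSettings.ClientCertificates = new List<X509Certificate2>()
{
    new X509Certificate2(Path.Combine(env.ContentRootPath, config["Database:Cert"]), config["Database:Password"])
};

// Authenticate with MONGODB-X509 using the configured username.
var credential = MongoCredential.CreateMongoX509Credential(config["Database:Username"]);
clientSettings.Credential = credential;
clientSettings.SslSettings.EnabledSslProtocols = SslProtocols.Tls12;

// Revocation checking and server certificate validation are both switched off here.
clientSettings.SslSettings.CheckCertificateRevocation = false;
clientSettings.VerifySslCertificate = false;

var client = new MongoClient(clientSettings);
_database = client.GetDatabase(config["Database:DbName"]);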

The username is the subject of the certificate and has been added to the $external database.

This code works on my local dev machine but not on the production server. I made the same configuration on both machines, and I could connect with the certificate on the production machine through a CMD CLI connection.

I made a console app and it runs perfectly on the server with the same client certificate and the same configuration; only my ASP.NET Core app does not work when I deploy it to the domain mydomain.com.

Could anyone help me with this error?
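
Added example (not part of the ticket, and not MongoDB driver code): the trace above fails in AcquireCredentialsHandle, which on Windows commonly means the process identity cannot use the private key of the client certificate. The sketch below loads a PFX into the machine key store and checks that the current identity can sign with the key. That this is the cause in this ticket is an assumption the page does not confirm; ClientCertProbe, Load and Probe are hypothetical names, and a constructed throwaway certificate stands in for the real client PFX.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertProbe
{
    // MachineKeySet stores the imported private key in the machine key store, so it
    // does not depend on the process identity having a loaded user profile.
    public static X509Certificate2 Load(byte[] pfx, string password) =>
        new X509Certificate2(pfx, password, X509KeyStorageFlags.MachineKeySet);

    // Reports whether the current identity can sign with the key. This is a
    // necessary condition for TLS client authentication, not a full handshake test.
    public static string Probe(X509Certificate2 cert)
    {
        string who = Environment.UserDomainName + "\\" + Environment.UserName;
        if (!cert.HasPrivateKey)
            return who + ": certificate has no private key (public-only file?)";
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) return who + ": private key is not RSA";
                rsa.SignData(new byte[] { 1, 2, 3 }, HashAlgorithmName.SHA256,
                             RSASignaturePadding.Pkcs1);
            }
            return who + ": private key usable, subject " + cert.Subject;
        }
        catch (CryptographicException ex)
        {
            return who + ": private key not usable: " + ex.Message;
        }
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate exported to PFX
        // stands in for the real client PFX file and its password.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow,
                                                  DateTimeOffset.UtcNow.AddDays(1)))
            using (var cert = Load(tmp.Export(X509ContentType.Pfx, "constructed"), "constructed"))
                Console.WriteLine(Probe(cert));
        }
    }
}
```

Running the probe both from a console session and from inside the deployed site shows which identity each runs as and whether that identity can use the key; a failure only in the hosted case points at key storage or permissions rather than the MongoDB settings.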



 Comments   
Comment by Ian Whalen (Inactive) [ 17/Dec/18 ]

Just to let you know, this project is for .NET driver bugs or feature requests. The best place for questions regarding MongoDB usage or the .NET driver specifics is the mongodb-user mailing list or Stack Overflow, as you will reach a broader audience there. If your business requires an answer from MongoDB within a time frame then we do offer production support.
