[CSHARP-3174] Getting "Authentication failed because the remote party has closed the transport stream" while connection mongodb V4.0 using C# driver. Created: 31/Jul/20  Updated: 31/Jul/20  Resolved: 31/Jul/20

Status: Closed
Project: C# Driver
Component/s: Configuration, Connectivity
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Bhaskar Avisha Assignee: Jeffrey Yemin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Production


Issue Links:
Cloners
clones CSHARP-3113 Getting "Authentication failed becaus... Closed

 Description   

 

Initial Description of the issue ref : https://jira.mongodb.org/browse/CSHARP-3113

We are trying to implement SSL authentication with the MongoDB 4.0 version using the below connection string and facing authentication issues.

mongodb://username:password@hostname:27017/?authSource=admin&readPreference=primary&ssl=true&sslPEMKeyFile=C:/etc/ssl/client.pem

In the MongoDB log, we see the application connections closing immediately with the error message:

encountered a network error during SourceMessage: SocketException: no shared cipher

application log: 
2020-02-20 12:39:53 [Debug] Failed to authenticate HTTPS connection.
Properties: { EventId: { Id: 1 }, SourceContext: "Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware", ConnectionId: "0HLTM5FID0INL", Application: "DCDService" }
MachineName: NB1999-01924579
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
   at System.Net.Security.SslStream.BeginAuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__69_0(SslServerAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)
 

Activity Performed by us after steps recommended by Mongodb : 

Hello, 

I have followed the steps mentioned in the previous ticket.

1) Create a pfx format file using the instructions below

openssl pkcs12 -export -in "${CLIENT_PEM}" \
  -out "${MONGO_X509_CLIENT_P12}" \
  -name "Drivers Client Certificate" \
  -password "pass:${MONGO_X509_CLIENT_CERTIFICATE_PASSWORD}"

2) Code Snippet from the app config file 

Here is the code used to connect with the x509 cert:

        // Requires: using System.Collections.Generic; using System.Security.Cryptography.X509Certificates; using MongoDB.Driver;
        public static IContextOptions UseMongoFactory(this IContextOptions options, DatabaseSettings settings)
        {
            var setting = new MongoClientSettings
            {
                // if a username is null, the distinguished name from the certificate will be used
                Credential = MongoCredential.CreateMongoX509Credential(null),
                SslSettings = new SslSettings
                {
                    ClientCertificates = new List<X509Certificate>()
                    {
                        // Insert Pem File Location and Passphrase
                        new X509Certificate2(settings.CertificatePath, settings.Passphrase)
                    },
                },
                UseTls = true,
                Server = new MongoServerAddress(settings.ServerName, settings.PortNumber),
                // For testing using self-signed certs, use this option to skip validation.
                // DO NOT USE THIS OPTION FOR PRODUCTION USES
                AllowInsecureTls = true
            };

            var context = new MongoClient(setting);
            options.DatabaseName = settings.DatabaseName;
            options.Logger = Log.Logger;
            options.Factory = new MongoFactory(options, context);
            return options;
        }

Exception Details : 

Exception:
MongoDB.Driver.MongoAuthenticationException
HResult=0x80131500
Message=Unable to authenticate username '' using protocol 'MONGODB-X509'.
Source=MongoDB.Driver
StackTrace:
   at MongoDB.Driver.Linq.MongoQueryProviderImpl`1.Execute(Expression expression)
   at MongoDB.Driver.Linq.MongoQueryableImpl`2.GetEnumerator()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at RemoteDbContextStd.MongoEntity`1.ToList() in C:\Users\gbaril\source\repos\Experiments\RemoteDbContextStd\RemoteDbContextStd\MongoEntity.cs:line 143
   at ConfigServer.Features.ConfigServer.Services.ConfigServices.<GetConfigCollection>b__5_0() in C:\Users\gbaril\source\repos\ConfigService\ConfigService\Features\ConfigServer\Services\ConfigServices.cs:line 81
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
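
An added diagnostic, not part of the ticket or of the driver: it loads the PKCS#12 file with the same X509Certificate2 constructor as the snippet above and checks the properties x.509 client authentication depends on (private key present, validity window, clientAuth in the extended key usage). The class name ClientCertificateCheck and its command-line arguments are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic; class name and CLI arguments are assumptions, not ticket code.
public static class ClientCertificateCheck
{
    private const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns the problems found; an empty list means none of these checks failed.
    public static List<string> Inspect(X509Certificate2 cert, DateTime nowUtc)
    {
        var problems = new List<string>();

        // Without the private key the certificate cannot be used for TLS client
        // authentication, so the server has no client identity to authenticate.
        if (!cert.HasPrivateKey)
            problems.Add("no private key in the loaded file (the PEM given to 'openssl pkcs12 -export' must hold both key and certificate)");

        if (nowUtc < cert.NotBefore.ToUniversalTime() || nowUtc > cert.NotAfter.ToUniversalTime())
            problems.Add($"outside validity window {cert.NotBefore:o} .. {cert.NotAfter:o}");

        // An extended key usage extension, when present, must list clientAuth.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("extended key usage does not include clientAuth");

        return problems;
    }

    // Usage: ClientCertificateCheck <path-to-p12> <passphrase>
    public static int Main(string[] args)
    {
        using var cert = new X509Certificate2(args[0], args[1]);

        // MONGODB-X509 maps the certificate subject to a user in the $external database.
        // .NET's rendering can differ from the RFC 2253 string in spacing and attribute
        // abbreviations, so compare the components rather than the raw text.
        Console.WriteLine($"Subject: {cert.Subject}");

        var problems = Inspect(cert, DateTime.UtcNow);
        foreach (var p in problems) Console.WriteLine($"PROBLEM: {p}");
        return problems.Count == 0 ? 0 : 1;
    }
}
```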



 Comments   
Comment by Jeffrey Yemin [ 31/Jul/20 ]

Hi developer.avisha@gmail.com

I reviewed the two cases, and at this point it looks like it's a support issue rather than a driver bug. To help you further, I wanted to give you some resources to get this question answered more quickly:

  • our MongoDB support portal, located at support.mongodb.com
  • our MongoDB community portal, located here
  • If you are an Atlas customer, there is free support offered 24/7 in the lower right hand corner of the UI.

Thank you!

Comment by Bhaskar Avisha [ 31/Jul/20 ]

@Jeffrey: thanks for the update. This is the ticket where the previous recommendations were made. We took some time implementing these steps, and by the time we came back to the ticket it was already closed.

https://jira.mongodb.org/browse/CSHARP-3113

Comment by Jeffrey Yemin [ 31/Jul/20 ]

Hi developer.avisha@gmail.com

You said in the description that you had performed steps recommended by MongoDB. Where were those recommendations made to you?

If it was in a ticket you opened as part of a support contract, it would be best to follow up there or with a new ticket in the support portal.

Regards,
Jeff

Comment by Bhaskar Avisha [ 31/Jul/20 ]

Tried creating another ticket by cloning the old ticket, but it was directly assigned to "Vincent Kam", who looks inactive at MongoDB, so created this new ticket again.
