
Unable to authenticate FabricClient to a secured Service Fabric Cluster


I have a secured service fabric cluster. The same certificate is being used as the server certificate and for client authentication. I am unable to create a FabricClient in a console application that will allow me to connect to this cluster. I am using the code snippet documented here under "Connect to a secure cluster using a client certificate":

static void Main(string[] args)
{
    string thumb = "‎1234567890123456789012345678901234567890";
    string CommonName = "somefabric.cloudapp.azure.com";
    string connection = "somefabric.cloudapp.azure.com:19000";

    try
    {
        X509Credentials xc = GetCredentials(thumb, thumb, CommonName);
        FabricClient fc = new FabricClient(xc, connection);
        Console.WriteLine("Cluster is connected");
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
    }
    Console.ReadKey();
}


static X509Credentials GetCredentials(string clientCertThumb, string serverCertThumb, string name)
{
    X509Credentials xc = new X509Credentials();

    // Client certificate
    xc.StoreLocation = StoreLocation.CurrentUser;
    xc.StoreName = "MY";
    xc.FindType = X509FindType.FindByThumbprint;
    xc.FindValue = clientCertThumb;

    // Server certificate
    xc.RemoteCertThumbprints.Add(serverCertThumb);
    xc.RemoteCommonNames.Add(name);

    xc.ProtectionLevel = ProtectionLevel.EncryptAndSign;
    return xc;
}

This code results in

The X509 thumbprint specified is invalid.

It seems like the certificate does grant me access via other means. I am able to successfully view the Fabric Explorer, and the following PowerShell command also connects to the cluster successfully:

Connect-ServiceFabricCluster `
    -ConnectionEndpoint somefabric.cloudapp.azure.com:19000 `
    -X509Credential `
    -FindType FindByThumbprint `
    -FindValue 1234567890123456789012345678901234567890 `
    -StoreLocation CurrentUser `
    -StoreName MY `
    -ServerCertThumbprint 1234567890123456789012345678901234567890

What am I doing wrong here?


Solution

  • I fell over this exact problem but the cause was quite different.

    I was confused in that:

    • https Explorer worked (in IExplorer)
    • PowerShell Connect-ServiceFabricCluster worked too.
    • Visual Studio Publish failed

    I found out that there were 4 invisible characters appended to my thumbprint value, probably an artifact of a cut and paste operation. How, why? Dunno.

    I found that out only after I edited Deploy-FabricApplication to add this line.

    $publishProfile.ClusterConnectionParameters|Format-List
    

    Just before

    [void](Connect-ServiceFabricCluster @ClusterConnectionParameters)
    

    I then saw the invisible characters displayed as ???? at the end of the thumbprint.

    Opening the Cloud.xml file with the Binary editor allowed me to see them and delete them.

    Then I could publish my application.
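
A way to catch this before connecting, as an added example (not part of the original answer and not a Service Fabric SDK cmdlet): the hypothetical helper `Get-ThumbprintReport` lists every non-hex character in a thumbprint string by position and code point and returns the cleaned value. The sample input is constructed from the placeholder thumbprint used on this page, with invisible characters added for illustration.

```powershell
# Added example: Get-ThumbprintReport is a hypothetical helper name.
function Get-ThumbprintReport {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Thumbprint
    )

    # Record every character that is not a hex digit, with its index and code point,
    # so characters the console renders as nothing (or as "?") become visible.
    $unexpected = for ($i = 0; $i -lt $Thumbprint.Length; $i++) {
        $c = $Thumbprint[$i]
        if ($c -notmatch '^[0-9A-Fa-f]$') {
            [pscustomobject]@{
                Index     = $i
                CodePoint = 'U+{0:X4}' -f [int]$c
            }
        }
    }

    # Keep only the hex digits; a SHA-1 certificate thumbprint is 40 of them.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    [pscustomobject]@{
        RawLength  = $Thumbprint.Length
        Unexpected = @($unexpected)
        Clean      = $clean
        IsValid    = ($clean.Length -eq 40)
    }
}

# Constructed sample: the page's placeholder thumbprint with U+200E in front
# and U+200B, U+FEFF behind it. None of the three is visible when printed.
$hex    = '1234567890123456789012345678901234567890'
$pasted = "$([char]0x200E)$hex$([char]0x200B)$([char]0xFEFF)"

$report = Get-ThumbprintReport -Thumbprint $pasted

# Show where the stray characters sit and what they are.
$report.Unexpected | Format-Table -AutoSize

# Summarise: pasted length versus the number of hex digits that remain.
'{0} characters pasted, {1} hex digits kept, valid: {2}' -f `
    $report.RawLength, $report.Clean.Length, $report.IsValid
```

The `Clean` value is what belongs in `-FindValue` and `-ServerCertThumbprint`, or in the thumbprint values stored in Cloud.xml.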