Search code examples
c#dotnet-httpclientclient-certificatesasp.net-core-3.1kestrel

m safeCertContext is an invalid handle


I'm using certificate authentification in my back-end side and i want to consume the Api using HttpClient this is my Service code :

public async Task<List<ReadPoste>> GetPostesAsync(string envName = "AMED")
{
    try
    {

        using var response = await _httpClient.GetAsync($"api/TMCMAPI?envName={envName}");
        var apiResponse = await response.Content.ReadAsStreamAsync();
        List<ReadPoste> readPostes = await JsonSerializer.DeserializeAsync<List<ReadPoste>>(apiResponse, new JsonSerializerOptions
        {
            PropertyNameCaseInsensitive = true,
        });
        //WriteInformationLog("GetPostes", readPostes);
        return readPostes;
    }
    catch (Exception e)
    {
        Log.Error(e, e.Message);
        return new List<ReadPoste>();
    }
}

This is my HttpClient Handler :

    public class MyHttpClientHandler : HttpClientHandler
    {

        public MyHttpClientHandler()
        {

            using (var cert = GetClientCertificate())
            {
                ClientCertificateOptions = ClientCertificateOption.Manual;
                ClientCertificates.Add(cert);

            }
        }

        private X509Certificate2 GetClientCertificate()
        {

            var store = new X509Store(StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            var clientCertificate = store.Certificates[0];
            return clientCertificate;


        }
    }
}

and my startup to configure HttpClient :

    services.AddHttpClient<ITCMCMClientService, TCMCMClientService>
        (client => { client.BaseAddress = new Uri(Configuration.GetValue<string>("ApexOneBackEnd")); })
            .ConfigurePrimaryHttpMessageHandler<MyHttpClientHandler>();

But i Got this Exception :

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle.
   at System.Security.Cryptography.X509Certificates.X509Certificate.ThrowIfInvalid()
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_HasPrivateKey()
   at System.Net.Security.CertificateHelper.GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
   at System.Net.Security.CertificateHelper.GetEligibleClientCertificate(X509CertificateCollection candidateCerts)
   at System.Net.Http.HttpClientHandler.<set_ClientCertificateOptions>b__70_0(Object sender, String targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, String[] acceptableIssuers)
   at System.Net.Security.SslStream.UserCertSelectionCallbackWrapper(String targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, String[] acceptableIssuers)
   at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
   at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
   at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at ApexOne.SPA.Data.Services.TCMCMClientService.GetPostesAsync(String envName) in E:\Source\Repos\ApexOne\ApexOne.SPA\Data\Services\TCMCMClientService.cs:line 37

Any One can help me to solve this issue plz?


Solution

  • i finaly got the issue : the cert is removed from memory after using block so instead of :

     using (var cert = GetClientCertificate())
                {
                    ClientCertificateOptions = ClientCertificateOption.Manual;
                    ClientCertificates.Add(cert);
    
                }
    

    i did this :

        ClientCertificates.Add(GetClientCertificate());