Search code examples
c#dockerneo4jneo4jclientbolt

.Net Connection to Bolt URI failing with Neo4jClient but not Neo4j.Driver

I have been connecting .Net Core code from within a Docker container to a Neo4j DB. I tried using Neo4jClient first but ran into issues with the http connection out of the docker container. I then tried the Neo4j.Driver directly with the bolt connection using host.docker.internal to alias localhost. This worked fine. I swapped back to Neo4jClient with bolt (again from within Docker) but its failing with. Thanks for any help.

Neo4j.Driver.V1.ServiceUnavailableException
  HResult=0x80131500
  Message=Connection with the server breaks due to SecurityException: Failed to establish encrypted connection with server bolt://host.docker.internal:7687/.
  Source=Neo4j.Driver

Update: Following Chris Skardon's help below. I switched on ssl for bolt as per section Example 11.2. Enable Bolt SSL. As per instructions here at Neo4j

The code below using Neo4j.Driver directly works and updates the DB with 12 organisations. Its running from within a .Net Core Docker container and using host.docker.internal. I would have expected this not to work without the Encryption config. But it does.

IDriver driver = GraphDatabase.Driver("bolt://host.docker.internal:7687", AuthTokens.Basic("neo4j", "xxxxx"));
IAsyncSession session = driver.AsyncSession(o => o.WithDatabase("neo4j"));

This code using Neo4jClient doesn’t work. I was originally running it within a docker container as above and thought that might be it. But still have a problem with no container

IDriver driver = GraphDatabase.Driver("bolt://localhost:7687", AuthTokens.Basic("neo4j", "xxxxx"), Config.Builder.WithEncryptionLevel(EncryptionLevel.Encrypted).ToConfig());
            var client = new BoltGraphClient(driver);

The exceptions are:

  1. Connection with the server breaks due to SecurityException: Failed to establish encrypted connection with server bolt://localhost:7687/.'
  2. IOException: Authentication failed because the remote party has closed the transport stream.

Nothing appears in the Neo4j logs. I don't have any specific code in the .Net Core API code for supporting SSL and googling the 2nd exception comes back with a lots of incorrect TLS results. So am exploring that.

Solution

  • The 4.x versions of Neo4j require Encryption to be set, Neo4jClient doesn't actually provide an easy way to do this, so you'd need to pass in an IDriver instance, like so:

    var driver = GraphDatabase.Driver("bolt://localhost:7687", AuthTokens.Basic("neo4j", "neo"), Config.Builder.WithEncryptionLevel(EncryptionLevel.None).ToConfig());
var client = new BoltGraphClient(driver);

    EDIT

    I've been testing this - and the problem is actually the opposite - you need to turn the encrpytion level to 'None' - unless you actually have an SSL cert setup