We have an ASP.NET (4.6) MVC application that uses the LinkedIn OAuth flow to log in users, which has been working without issue for quite some time. However, recently the 'Step 3: Exchange Authorization Code for an Access Token' part of the process is breaking with the error:
System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Due to the above, users cannot connect to LinkedIn within our app. Oddly enough, this only happens on the production server (Windows Server 2012 Standard), but continues to work properly in our dev environment and on a stage version of the app hosted in Azure (Azure App Service). This of course indicates the production server itself is the culprit. We have also seen cases where web requests whose endpoints require TLS 1.2 can error with the message below on the same server, which further indicts the server:
The request was aborted: Could not create SSL/TLS secure channel.
Per the documentation here, Authenticating with OAuth 2.0 Overview, calls to LinkedIn APIs, which we assume include any OAuth endpoints, now require TLS 1.2. Although it is a different error message, research tells us both can be caused by the same underlying TLS version enabled on the server.
Here is the method where the exception occurs:
    public static HttpResponseData DoPostRequest(string uri, string postData)
    {
        byte[] byte1 = Encoding.UTF8.GetBytes(postData);
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls | SecurityProtocolType.Ssl3;
        HttpWebRequest webReq = (HttpWebRequest)WebRequest.Create(uri);
        webReq.Method = "POST";
        webReq.ContentType = "application/x-www-form-urlencoded";
        webReq.ContentLength = byte1.Length;
        Stream newStream = webReq.GetRequestStream();
        newStream.Write(byte1, 0, byte1.Length);
        newStream.Close();
        HttpWebResponse resp = (HttpWebResponse)webReq.GetResponse();
        HttpResponseData respData = HttpData.PackageData(resp);
        return respData;
    }
Specifically, it's this line where the connection error occurs:
    Stream newStream = webReq.GetRequestStream();
We are continuing to research and have attempted to enable TLS 1.2 per the Microsoft article Transport Layer Security (TLS) registry settings. After restarting, the problem still exists. Obviously we're missing something. Note we tested our site at SSL Labs, which graded us a B and did show TLS 1.2 is in fact enabled.
Does LinkedIn have any insight on this or have any recommendations as to next steps?
@Hitesh pointed us to the correct solution posted about a week before us (for some reason that post wasn't coming up on a search, so our post duplicates theirs):
OP: Underlying connection was closed with linkedin
SOLUTION: https://stackoverflow.com/a/63013088/2112940
Hope this helps anyone having this issue.
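
A diagnostic for the situation described in this post, added here as an example (it is not code from the original poster, the linked answer, or LinkedIn): it prints the SCHANNEL and .NET Framework registry values that govern outbound TLS 1.2 on the server, then attempts a TLS 1.2-only handshake and reports the negotiated cipher or the failure. The class name `TlsClientCheck` and the default host `www.linkedin.com` are assumptions; pass the host of the failing endpoint as the first argument.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using Microsoft.Win32;

static class TlsClientCheck   // hypothetical name, not part of the poster's app
{
    // Print one value from the 64-bit view of HKLM, or "(not set)" when the key or value is absent.
    static void Show(string subKey, string name)
    {
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64))
        using (var key = hklm.OpenSubKey(subKey))
        {
            object value = key == null ? null : key.GetValue(name);
            Console.WriteLine(@"HKLM\{0}\{1} = {2}", subKey, name, value ?? "(not set)");
        }
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "www.linkedin.com"; // assumed host
        // Outbound calls are governed by the Client subkey; an external scan of the site exercises Server.
        const string schannel = @"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\";
        foreach (string role in new[] { "Client", "Server" })
        {
            Show(schannel + role, "Enabled");
            Show(schannel + role, "DisabledByDefault");
        }
        // .NET Framework 4.x switches that influence the default protocol set.
        Show(@"SOFTWARE\Microsoft\.NETFramework\v4.0.30319", "SchUseStrongCrypto");
        Show(@"SOFTWARE\Microsoft\.NETFramework\v4.0.30319", "SystemDefaultTlsVersions");
        try
        {
            using (var tcp = new TcpClient(host, 443))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Offer TLS 1.2 only, so a failure cannot be hidden by a fallback to an older protocol.
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, true);
                Console.WriteLine("Handshake OK: {0}, cipher {1}, key exchange {2}", ssl.SslProtocol, ssl.CipherAlgorithm, ssl.KeyExchangeAlgorithm);
            }
        }
        catch (Exception ex) when (ex is IOException || ex is AuthenticationException || ex is SocketException)
        {
            Console.WriteLine("Handshake failed: {0}: {1}", ex.GetType().Name, ex.Message);
            if (ex.InnerException != null) Console.WriteLine("  inner: " + ex.InnerException.Message);
        }
    }
}
```

Run it on the production server and on a machine where the login works, then compare the registry values and the handshake result side by side.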