I'm running into an issue with my application. When trying to use ZipWise.com's api to get some zip codes I get the error "The request was aborted: Could not create SSL/TLS secure channel." I did not make any changes to the program, and it all of a sudden stopped allowing me to use their API. I tried adding this to the beginning of my code before the request is created:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
I disabled TLS 1.0, TLS 1.1, SSL 2.0, and SSL 3.0 on the server (and rebooted). I'm able to open the url in a browser without issue. I verified on SSL Labs that they are using TLS 1.2.
When I run this on my development PC, it executes without issue and returns a bunch of zip codes. When I try to run it on the server, it fails and gives me that error.
Here is some sample code I used in a Windows forms application that produces the same error:
private void button1_Click(object sender, EventArgs e)
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.Expect100Continue = true;
string url = "https://zipwise.com/webservices/radius.php?key=**********&zip=90210&radius=50";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri(url));
request.Method = "POST";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();//exception occurs here
StreamReader input = null;
XDocument doc = null;
if (response.StatusCode.Equals(HttpStatusCode.OK))
{
input = new StreamReader(response.GetResponseStream());
doc = XDocument.Parse(input.ReadToEnd());
}
response.Close();
request.ServicePoint.CloseConnectionGroup(request.ConnectionGroupName);
if (input != null)
{
input.Close();
var tempZips = (from z in doc.Descendants("result") select z.Descendants("zip").Single().Value).ToList();
finalZips.AddRange(tempZips);
foreach(string s in finalZips)
{
listBox1.Items.Add(s);
}
}
}
Any help is appreciated!
EDIT: The application is running on .NET 4.6, The SSL Cert on the server is still valid.
Related
I am working on Windows Service in visual studio 2017. In the rest api's call, getting exceptions while debugging code. Sometimes first 2 3 calls working after that getting exceptions.
System.Net.WebException: 'The remote server returned an error: (503)
Server Unavailable.'
The remote server returned an error: (429)
Unable to connect to the remote server
When calling same api's from Postman, getting response successfully.
This is my code
private void timer1_Tick(object sender, ElapsedEventArgs e)
{
WriteToFile("timer1_Tick method called..");
try
{
string jsonString = "";
string jsonstring2 = "";
string prodfetchurl = HOST;
var req = WebRequest.Create(prodfetchurl) as HttpWebRequest;
req.Method = "GET";
InitializeRequest(req);
req.Accept = MIME_TYPE;
//System.Threading.Thread.Sleep(5000);
var response = (HttpWebResponse)req.GetResponse();
WriteToFile("First service called...");
if (response.StatusCode == HttpStatusCode.OK)
{
Stream responseStream = response.GetResponseStream();
StreamReader responseReader = new StreamReader(responseStream);
jsonString = responseReader.ReadToEnd();
}
var deserialsseobj = JsonConvert.DeserializeObject<ProductList>(jsonString).Products.Where(i => i.Failed > 0).ToList();
foreach (var a in deserialsseobj)
{
var pid = a.ID;
string url = FailedDevicesUrl + pid.Value + "/failed";
var req2 = WebRequest.Create(url) as HttpWebRequest;
req2.Method = "GET";
InitializeRequest(req2);
req2.Timeout = 300000;
req2.Accept = MIME_TYPE;
var response1 = (HttpWebResponse)req2.GetResponse();
Stream responsestream2 = response1.GetResponseStream();
WriteToFile("Second service called...");
if (response1.StatusCode == HttpStatusCode.OK)
{
StreamReader responsereader1 = new StreamReader(responsestream2);
jsonstring2 = responsereader1.ReadToEnd();
}
var output = JsonConvert.DeserializeObject<List<FailedDeviceList>>(jsonstring2); // Will get List of the Failed devices
List<int> deviceids = new List<int>();
Reprocessdata reproc = new Reprocessdata();
Reprocessdata.DeviceId rprod = new Reprocessdata.DeviceId();
reproc.ForceFlag = true;
reproc.ProductID = pid.Value;
foreach (var dd in output)
{
rprod.ID = dd.DeviceId;
reproc.DeviceIds.Add(rprod);
}
// Reprocess the Product in Devices
var req3 = WebRequest.Create(ReprocessUrl) as HttpWebRequest;
req3.Method = "POST";
InitializeRequest(req3);
req3.Accept = MIME_TYPE;
req3.Timeout = 300000;
req3.ContentType = "application/json";
using (StreamWriter writer = new StreamWriter(req3.GetRequestStream()))
{
string json = new JavaScriptSerializer().Serialize(reproc);
writer.Write(json);
writer.Close();
}
System.Threading.Thread.Sleep(5000);
var response5 = (HttpWebResponse)req3.GetResponse();
WriteToFile("Third service called...");
if (response5.StatusCode == HttpStatusCode.OK)
{
string result;
using (StreamReader rdr = new StreamReader(response5.GetResponseStream()))
{
result = rdr.ReadToEnd();
}
}
}
response.Close();
}
catch (Exception ex)
{
WriteToFile("Simple Service Error on: {0} " + ex.Message + ex.StackTrace);
}
}
Methods used in above code
protected override void OnStart(string[] args)
{
base.OnStart(args);
timer1 = new System.Timers.Timer();
timer1.Interval = 60000; //every 1 min
timer1.Elapsed += new System.Timers.ElapsedEventHandler(timer1_Tick);
timer1.Enabled = true;
WriteToFile("Service has started..");
}
public void InitializeRequest(HttpWebRequest request)
{
request.Headers.Add("aw-tenant-code", API_TENANT_CODE);
request.Credentials = new NetworkCredential(USER_NAME, PASSWORD);
request.KeepAlive = false;
request.AddRange(1024);
}
When I contacted service provide they said everything fine from there side. Is this my code is buggy or windows service not reliable? How can I fix this issue?
Note: All APIS are working fine from Angular application using Visual Studio Code. It means my code is not working.
Edit1: Three below services I am using from this document of VMware.
private const string HOST = "https:host/api/mdm/products/search?";
private const string FailedDevicesUrl = "https:host/api/mdm/products/";
private const string ReprocessUrl = "https:host/api/mdm/products/reprocessProduct";
Response http code 429 indicates that you sending too many requests on target web service.
This means service you trying to send requests has a policies that blocks some requests by request-per-time limit.
Also I admit that external service can be manually configured to throw 403 code in specific cases that you can't know about. If that, this information can be explained in external service documentation... or not :)
What you can do with this?
Fit in limitations
You can make detailed research what limits target webservice has and set up your code to fit in this limitations. For example if service has limitation for receiving only one request per 10 minutes - you must set up your timer to send one request each 10 or more minutes. If documentation not provide such information - you can test it manually by finding some patterns with external service responses.
Use proxy
Every limitation policy based on information about requests senders. Usually this information consists of IP address of sender only. This means if you send 2 requests from two different IP addresses - limitation policy will perceive that like 2 different computers sending these requests. So you can find/buy/rent some proxy IP addresses and send requests through there on target web server.
How to connect through proxy in C# using WebRequest you can see in this answer.
Negotiate with external service provider
If you have possibility to communicate with external service developers or help center, you can ask their to reduce limitations for your IP address (if it static) or provide some mechanisms to avoid limitation policy for you. If for some reason they cannot provide this opportunity, at least you can ask detailed information about limitations.
Repetition mechanism
Some times 503 error code that is outer exception you received may be caused by service unavailable. It means that server can be under maintenance or temporary overloaded. So you can write repetition mechanism to make continious sending requests to server until it'll be accessible.
Polly library may help you with repetition mechanism creation
The inner error of that 503 is:
The remote server returned an error: (429)
HTTP 429 indicates too many requests. Maybe your upstream server can’t process all requests sent.
This can happen when you reached rate limiting / throttling value if you’re calling a third party API.
UPDATE
As per page 28 in the API docs, you could configure throttling when creating a new API. Check if the throttling is too small or maybe turn off the throttling and see if that could fix the error?
I deployed a WCF web service on IIS (https, TLS1.2) last year, 2019 and the client code implemented SecurityProtocolType.Tls12 , and it connected to the web service URL successfully and started working perfectly.
I ran into a problem this year saying
the underlying connection was closed. An unexpected error occurred on a send.
I checked the web service URL SSL certificate if it is still on TLS1.2, and it is.
The client code to test the connection is shown below:
public bool TestConnection(string url)
{
try
{
var myRequest = (HttpWebRequest)WebRequest.Create(url);
myRequest.Timeout = Timeout.Infinite;
myRequest.ReadWriteTimeout = 30000;
myRequest.KeepAlive = true;
myRequest.ServicePoint.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
myRequest.ServerCertificateValidationCallback = (s, cert, chain, ssl) => true;
var response = (HttpWebResponse)myRequest.GetResponse();
if (response.StatusCode == HttpStatusCode.OK)
{
return true;
}
else
{
//well, at least it returned...
return false;
}
}
catch (Exception ex)
{
return false;
}
}
I think the most possible cause is that the certificate is expired if the WCF service and the client-side work properly before.
Are you using a self-signed certificate for transport layer security? Also, please try not to specify a TLS version for communication.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Before we call the remote service again, I suggest you navigate to the service URL using a browser and check for certificate errors. The error message displayed by the browser should help you troubleshoot what's causing the error.
Feel free to let me know if the problem still exists.
I have a WPF application and that calling 4 web services (Written with Java) on the same base URL and it was working perfectly until I install google chrome. I installed chrome and I've got this error:
Could not establish secure channel for SSL/TLS C# Web service
I didn't write another code. That happened for just I installed chrome then I remove chrome but didn't work and I tried system restore, uninstall eset smart security and I cleaned all windows(8.1 single languages) certificate. So how can I figure it out? Here is my web service caller
public string call(string url, string json)
{
try
{
var webrequest = (HttpWebRequest)WebRequest.Create(url);
var key = JsonConvert.SerializeObject(LoginService.SessionData.SessionKey);
UTF8Encoding uTF8Encoding = new UTF8Encoding();
byte[] requestBytes = uTF8Encoding.GetBytes(json);
WebClient client = new WebClient();
webrequest.Method = "POST";
webrequest.Headers.Add("SESSION_KEY", LoginService.SessionData.SessionKey);
webrequest.ContentType = "application/json";
webrequest.ContentLength = requestBytes.LongLength;
Stream requestStream = webrequest.GetRequestStream();//here the exception
requestStream.Write(requestBytes, 0, requestBytes.Length);
using (var response = webrequest.GetResponse())
using (var reader = new StreamReader(response.GetResponseStream()))
{
var responseBuf = reader.ReadToEnd();
String responseJson = Convert.ToString(responseBuf);
return responseJson;
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
return null;
}
By my observation there are a large number of services over the last several months that are turning off SSL and/or older TLS versions to mitigate security problems inherent in them.
Anywhere within the AppDomain you can just force the connection to use TLS 1.2 like this:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
You can also OR together multiple versions if you need to support older ones as well:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12
Our .NET code is posting using JSON to an HTTPS REST API. It works on machines from Vista up (I think they all have .NET 4.5), however, we need to support down to Win XP with .Net 4.0 and on that machine our code fails on the last line shown below.
If we change the URI to HTTP from HTTPS, it works fine. A number of the lines you see below (such those for CertificateValidationCallBack) were added in an attempt to fix this issue).
BIG FLAG: We have noticed that on this XP machine, IE 8 gives "Internet Explorer cannot display the webpage" over HTTPS, though HTTP is fine. We added the CertificateValidationCallBack handler hoping it would get around this issue. I'm not sure it does.
Some information about the server configuration. It is an EC2 instance behind an ELB. The ELB holds the SSL cert and sends data received from port 443 to port 80. Apache on the EC2 instance just deals with port 80.
ADDED: sslchecker.com shows a good certificate.
private static bool CertificateValidationCallBack(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(uri);
webRequest.PreAuthenticate = true;
using (var client = new WebClient())
{
client.Headers.Add(HttpRequestHeader.ContentType, "application/json");
try
{
string responseString ;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = CertificateValidationCallBack;
_webEx = null;
webRequest.ContentType = "application/json";
webRequest.Method = "POST";
byte[] bytes = System.Text.Encoding.ASCII.GetBytes(credsString);
// webRequest.ContentLength = bytes.Length;
webRequest.KeepAlive = false;
webRequest.Timeout = -1;
System.IO.Stream os = webRequest.GetRequestStream();
os.Write(bytes, 0, bytes.Length); //Push it out there
os.Close();
System.Net.WebResponse resp = webRequest.GetResponse();
. . . . .
}
}
I realise there have been a number of similar posts to this but I haven't found a solution yet. Am trying to post some xml to an MPI gateway but keep getting the following error:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host.
Below is the code I'm currently using but have tried just about every different approach I can think of and they all return the same error:
string result = "";
string xml = "<TNSAuthRequest><CardNumber>0123456789</CardNumber><ExpiryDate>1801</ExpiryDate><PurchaseAmt>750</PurchaseAmt><CurrencyCode>826</CurrencyCode><CurrencyExponent>2</CurrencyExponent><CountryCode>826</CountryCode><MerchantName>Mayflower</MerchantName><MerchantId>0123456789</MerchantId><MerchantData>abcdefghijklmnopqrstuvwxyz0123456789</MerchantData><MerchantUrl>example.com</MerchantUrl><NotificationURL>example.com/basket</NotificationURL></TNSAuthRequest>";
var url = "https://mpi.securecxl.com";
byte[] bytes = System.Text.Encoding.ASCII.GetBytes("xmldata=" + xml.ToString());
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(ValidateRemoteCertificate);
var req = (HttpWebRequest)WebRequest.Create(url);
req.AllowWriteStreamBuffering = true;
req.ContentType = "text/xml";
req.Method = "POST";
//req.ContentLength = bytes.Length;
req.KeepAlive = false;
req.ProtocolVersion = HttpVersion.Version10;
req.ServicePoint.ConnectionLimit = 1;
//req.Timeout = -1;
try
{
using (var writer = new StreamWriter(req.GetRequestStream(), Encoding.ASCII))
{
writer.WriteLine(bytes);
}
using (WebResponse resp = req.GetResponse())
{
using (StreamReader sr = new StreamReader(resp.GetResponseStream()))
{
result = sr.ReadToEnd().Trim();
}
}
}
catch (Exception ex)
{
result = ex.Message + "<br />" + ex.InnerException.Message + "<br /><br />" + xml.Replace("<", "<");
}
ViewBag.result = result;
Am basically wandering if anyone can see anything that might be wrong with the code that could be causing this error or if it's most likely I problem on the their end? Have tried running on my localhost, our live server and my own private server (with a completely different IP) and still get same result.
Any ideas?
I think its because you are connecting to "https" url. In this case you have to add following line to your code.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
It will accept "ssl" protocol for your request. "ServicePointManager.ServerCertificateValidationCallback" handler just controls certificate validity.
Slightly better perhaps:
System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol | System.Net.SecurityProtocolType.Tls12;
#AlisettarHuseynli is right, this sometimes has to do with https. Most likely occurs when the infrastructure gets updates which may mean TLS gets updated for example from TLS1.0 to TLS1.2 Usually happens with some APIs, etcetera.
If the service you are trying to access can be accessed over http, do that. Change the scheme from https to http. Worked in my case. Otherwise you'll have to add code to support higher versions of TLS. Popular software usually have an opt-in option to use TLS1.2 instead of the old TLS1.0.