IBM Security Verify

Expand all | Collapse all

ISAM - Not able to access policy from dot Net application

  • 1.  ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 01:28 AM
    Hello Team,

    I'm getting the below error when accessing policy from the dot net application.

    System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
    ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
    ---> System.ComponentModel.Win32Exception (0x80090304): The Local Security Authority cannot be contacted
    The request was aborted: Could not create SSL/TLS secure channel.

    WebSEAL certificate is stored in the truststore of dot net. Even we tried with disabling the certificate security check from the dot net application still we are getting the same error.

    But When the same Policy is accessed from Java and Angular it's working fine.

    Is there any specific configuration related to the .net application from ISAM end that we are missing?

    can anyone help with the same?

    ------------------------------
    Mukesh
    ------------------------------


  • 2.  RE: ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 04:01 AM
    Hi Mukesh,

    I found this by doing some Google searches on the error message.   Looks like the issue is that you need additional configuration in .NET application to make it use TLS v1.2:

    Have a look here: http://msprogrammer.serviciipeweb.ro/2019/11/06/show-the-software-artifacts-and-dotnettry-part-6/

    The answer was adding this line to code:

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

    Please let us know if it works for you.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 05:07 AM
    Hi Jon,

    Thanks for your quick response!

    We have tried all possible options in our code. 

    attaching SS of code snippet for reference






    ------------------------------
    Mukesh
    ------------------------------



  • 4.  RE: ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 05:36 AM
    Hi Mukesh,

    Please try this to explicitly specify TLS1.2 usage.

    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

    Please let us know the results.

    Regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 5.  RE: ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 07:21 AM
    Hi Jahanzaib,

    Thanks for your response!

    Tried with explicitly specifying TLS1.2 usage.

    still, the error is not resolved.




    ------------------------------
    Mukesh
    ------------------------------



  • 6.  RE: ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 07:42 AM
    Hi Mukesh,

    You mentioned that "WebSEAL certificate is stored in the truststore of dot net", kindly can you confirm which is that truststore? Are you talking about windows trust store here?

    Regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 7.  RE: ISAM - Not able to access policy from dot Net application

    Posted Fri January 22, 2021 08:50 AM
    Hi Jahanzaib,


    Yes, WebSEAL Certificate is stored in Trusted Root Certification Authorities Certificate Store (Windows truststore).

    ------------------------------
    Mukesh
    ------------------------------



  • 8.  RE: ISAM - Not able to access policy from dot Net application

    Posted Mon January 25, 2021 03:33 AM
    Hi Mukesh,

    What is the result when you open the URL in Internet Exploer? Does IE show certificate warning?

    Regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------