SSlStream Authentication failing in .NET MAUI Android app whereas same is working in Xamarin.forms

Question

have connected to Controller via WiFi from .NET MAUI Android app and TLS is enabled in connected Controller.

From .NET MAUI Android project, I am trying to authenticate SSLStream with below code SslStream _secureStream = new SslStream( new TcpClient().GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null); _secureStream.AuthenticateAsClient(serverName); //serverName is certificate name here

While authenticating it is throwing exception as below {System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+AndroidCrypto+SslException: Exception of type 'Interop+AndroidCrypto+SslException' was thrown. at Interop.AndroidCrypto.SSLStreamSetTargetHost(SafeSslHandle sslHandle, String targetHost) at System.Net.SafeDeleteSslContext.InitializeSslContext(SafeSslHandle handle, SslAuthenticationOptions authOptions) at System.Net.SafeDeleteSslContext..ctor(SslAuthenticationOptions authOptions) at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) --- End of inner exception stack trace --- at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__1501[[System.Net.Security.SyncReadWriteAdapter, System.Net.Security, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext() at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)

Answer 1

Hello,

There is already a discussion in the GitHub repository about the Interop+AndroidCrypto+SslException error on the Maui Android platform. On the Android platform, you need to additionally configure network_security_config.xml to enable your certificate to avoid this error.

@ComptonAlvaro Unfortunately, there isn't 1:1 feature parity when it comes to bypassing validation of self-signed certificates between .NET on Android and on Windows, so using miHttpHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; or miHttpHandler.ClientCertificates.Add(cert); won't bypass Android's internal validation in your app. There should be a workaround though. Since you have the certificate files inside of your app, you should be able to add network_security_config.xml to your Android resources, reference it from AndroidManifest.xml, and import your self-signed certificates this way. This documentation page should give you all the information necessary: https://developer.android.com/training/articles/security-config Please let me know if this resolves this issue for you or if you have any follow-up questions.

Please refer to Exception of type 'Interop+AndroidCrypto+SslException' was thrown. #74292 for more details.

Best Regards,

Alec Liu.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.