Creating a layered design in an application is a fundamental element of modern software architecture. The goal is to promote the Separation of Concerns (SoC) design principle.

Separation of Concerns

The ideas behind SoC date back to Dijkstra's 1974 paper "On the role of scientific thought".

In computer science, separation of concerns (sometimes abbreviated as SoC) is a design principle for separating a computer program into distinct sections. Each section addresses a separate concern, a set of information that affects the code of a computer program. A concern can be as general as "the details of the hardware for an application", or as specific as "the name of which class to instantiate". A program that embodies SoC well is called a modular program. Modularity, and hence separation of concerns, is achieved by encapsulating information inside a section of code that has a well-defined interface. - Wikipedia

SoC is a broad design principle th...

When developing an application, it's common to use local self-signed certificates, especially early in development. Whether encrypting data or hosting an application in a local instance of IIS, SSL Certificates are a necessity. There are even situations where QA and Dev servers may have untrusted SSL Certificates.
If you've encountered this situation during development/testing, there are fairly simple workarounds. I generally add a feature flag to the appsettings.json to dynamically enable/disable SSL Certificate validation checks.
HttpClient
When using HttpClient, you can create a custom HttpClientHandler to ignore certificate issues:
    // Requires: using System.Net.Http;
    public HttpClient GetClient()
    {
        if (AppSettings.IgnoreInvalidCertificateErrors)
        {
            var httpClientHandler = new HttpClientHandler();
            httpClientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
            // Accept every server certificate, whatever the policy errors (non-production only).
            httpClientHandler.ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, policyErrors) => { return true; };
            var httpClient = new HttpClient(httpClientHandler);
            return httpClient;
        }
        else
        {
            // Default handler: normal certificate validation applies.
            return new HttpClient();
        }
    }
When using a Connected Service, you can modify the client something like this:
    public TestWcfServiceClient GetClient()
    {
        var client = new TestWcfServiceClient();
        if (AppSettings.IgnoreInvalidCertificateErrors)
        {
            // Turn off validation of the service's SSL certificate (non-production only).
            client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication()
            {
                CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None
            };
        }
        return client;
    }
DISCLAIMER: This should never be enabled on an application deployed to a production environment; it is for non-production environments only.
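
One way to keep the flag from turning into a blanket bypass, shown as an added example that is not code from the original post: the handler refuses to relax validation outside Development and, instead of returning true for everything, accepts only a certificate that validates normally or the single pinned dev certificate. The class name, its parameters, and the use of the "Development" environment name are assumptions; the pin would be read from appsettings.json next to the existing flag.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not the post's code). PinnedDevHttpClientFactory and its
// parameters are hypothetical names chosen for illustration.
public static class PinnedDevHttpClientFactory
{
    public static HttpClient Create(bool ignoreInvalidCertificateErrors,
                                    string environmentName,
                                    string pinnedSha256Hex)
    {
        if (!ignoreInvalidCertificateErrors)
            return new HttpClient(); // default platform validation

        // Fail closed: the flag must never take effect outside Development.
        if (!string.Equals(environmentName, "Development", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                "IgnoreInvalidCertificateErrors is set outside Development.");

        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => IsAcceptable(cert, errors, pinnedSha256Hex)
        };
        return new HttpClient(handler);
    }

    // Accept a certificate that validates normally, or the one pinned dev certificate.
    public static bool IsAcceptable(X509Certificate2 cert, SslPolicyErrors errors,
                                    string pinnedSha256Hex)
    {
        if (errors == SslPolicyErrors.None)
            return true;
        if (cert == null || string.IsNullOrWhiteSpace(pinnedSha256Hex))
            return false; // no pin configured: behave like the default handler

        // Hex SHA-256 of the DER-encoded certificate; the comparison ignores case.
        string actual = cert.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, pinnedSha256Hex.Trim(), StringComparison.OrdinalIgnoreCase);
    }
}
```

With this in place, a flag that leaks into a production configuration causes a startup failure instead of silently disabling TLS validation, and a dev machine still rejects any untrusted certificate other than the pinned one.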