-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS 1.2 in android option (it does not exists in VS Preview 17.1) #5604
Comments
@thevirtualdj these settings don't exist in .NET 6, so some of these settings actually need to be removed from the Project Options pages. We're tracking this internally here. What are you looking to do exactly? Do the default values work for your case? Thanks! |
I need this setting too. Cant get data with my RestApi (RestSharp) while running Android. it works on Windows machine, but on Android not. |
@ShiiikK can you file a new issue? The issue here is about the setting -- which is actually not needed. .NET 6 supports TLS 1.2, and you don't need a dropdown box to enable it. |
@jonathanpeppers This is not true, I believe. Here is an example. NEO provides seed servers to connect too. This is one of them https://seed1t5.neo.org:20332 If I connect using wither WIndows or iOS, it works correctly (using either HTTP or https since some have said it requires one or the other) But with Android, testing on an Android 11 and Android 12 devices - we get the following errors: HTTPS yields "System.Net.WebException: Unable to parse TLS packet header HTTP yields "System.Net.WebException: Cleartext HTTP traffic to seed1t5.neo.org not permitted The full stack trae for the failure to prse the TLS packet is below BUT I have seen this in the past with XF - and it was a failure of the TLS 1.2 not being selected. at Java.Interop.JniEnvironment.InstanceMethods.CallVoidMethod(JniObjectReference instance, JniMethodInfo method, JniArgumentValue* args) in /Users/runner/work/1/s/xamarin-android/external/Java.Interop/src/Java.Interop/Java.Interop/JniEnvironment.g.cs:line 11884 |
@jonathanpeppers please reopen the issue. |
@logikonline can you file a new issue here: https://github.com/xamarin/xamarin-android/issues Link to it here, thanks! This issue is about these dropdowns: And we don't have these settings anymore in .NET 6+. |
@jonathanpeppers I am sorry, I see the issue. android:usesCleartextTraffic="true" needed to be specified for Android to allow the HHTP traffic. Sorry, too much coffee this morning |
Hello lovely human, thank you for your comment on this issue. Because this issue has been closed for a period of time, please strongly consider opening a new issue linking to this issue instead to ensure better visibility of your comment. Thank you! |
@thevirtualdj - if give me a url of the image, I may be able to assist. It works for me. My client initializes for the HTTP is as follows:
I also set a few default headers |
Trouble is that this is Microsoft.Data.SqlClient 5.0 not HTTPClient. It will fail in Connection Open on MAUI app.. you can try it. using System.Collections.ObjectModel; namespace MySQLTest
} |
@thevirtualdj sorry man. I would never approach direct SQL connection with apps anymore. I would expose a RESTful interface. I suppose it is also why they always ask for a github sample app to be attached to tickets. I hope you find a workaround although you may want to undertake my approach |
These threads always end the same way, don't use direct SQL connections... Maybe we should tell MS that none of these classes should be allowed to exist at all inside MAUI projects? Isn't the whole point of .NET that everything works everywhere? |
@jovanmhn I use SQLite in my XF/Maui apps exclusively because it works cross-platform, but I do not leave the device for those calls. So the connections are to a file and not cross the wire. I have used this tech since before Microsoft acquired it, and it is solid, but there are design patterns that I exclusively use to achieve that. Sorry I could not be of more assistance. |
@logikonline The main attraction of using .NET to create mobile apps for me is the ability to use powerful tools (such as Entity Framwork) that make it possible to manipluate complex (several hundred tables) SQL databases, have the ability to track changes, commit batches in the correct order without too much pain, use stored procedures, fucntions and all the good stuff, without too much hassle Doing this by through REST APIs as a "middle-man", while of course possible, makes the project considerably more complex But that is all besides the point, we have code that works on one enviroment (possibly 2, havent tested iOS), but breaks on Android, and, in my opinion, is clearly an issue to be dealt with if we want to call MAUI true multi platform tech |
I agree with @jovanmhn . We think that this issue for some small side apps (warehouse mgm, local apps that connect to on-premise SQL servers are still a big piece of cake. So this issue with clear text traffic on android should be solved for these apps. Currently we are trying to implement clear text traffic but no success. In some threads they say you should use: android:usesCleartextTraffic="true". With TLS 1.2 no success to: Tried everything in this thread but main issue is that it is tied to DOMAIN that is not so useful at all: So if anyone has any idea pls advise. We would really like to use MAUI and start developing our apps on it with SQL Server support. Thank you in advance. |
@thevirtualdj If you shared a repo, I would give you some time to help resolve it. I presently use this on very large projects (north of 200+ tables @jovanmhn) with much success, but we will have to disagree around approaches. I do see value in EF, but I chose to use a different ORM and the approach does require some middle work, although the payoff is better IMO. If you saw above, my error posted in the stacktrace reported clearText issue. I haven't seen your stacktrace so it likely isn't applicable to the same outcome. I can tell you, Maui is finicky around getting everything just right to compile/function. I personally preferred the different projects in XF but I can see their direction and once it is flushed out, it hopefully will grow on me. The ability to edit the project file is better IMO and the new handlers are nicer. If I were you, I would post a repo where it can be reproduced. Then I can give you some constructive feedback and possibly a workaround. |
Greetings, I do not agree with you. Direct access to SQL server is a great feature. Sure it needs to be encrypted on public networks. But for small usage and private nets it is indeed a great feature. Thank in advance for your help. It is not a problem to encrypt the connection but now I am having a trouble to export SQL Server certificate and use it in this app. |
I would follow these 2 threads, as I can see it got narrowed down to the sql client dotnet/SqlClient#1656 although it could be a wider android certificate issue |
Trouble with first possible solution is "set the commonName to the ServerName like this: [PCName].[Domain].local". Second thread (I tried it all but it gets to first thread, you have to have two way cert that has to have a domain). So blind street there.. No success. |
I found no adequate solution either, but I would assume that when it happens, it will be anounced in these threads. |
I hit the subscribe button but all of these issues are just closed and moved around. I opened one here on MAUI for this and they just closed it like that is not MAUI problem. So.. will check those issues. |
Yes this is a much wider tls android issue (I am author of these SQL Client MAUI issues) |
Managed to solve it with cert and IP address.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
<certificates src="@raw/razvoj1"/>
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">localhost</domain>
<domain includeSubdomains="true">192.168.0.15,1433</domain>
<domain includeSubdomains="true">192.168.0.15</domain>
<domain includeSubdomains="true">RAZVOJ1</domain>
<domain includeSubdomains="true">RAZVOJ1.localhost</domain>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
<certificates src="@raw/razvoj1"/>
</trust-anchors>
</domain-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1" xmlns:android="http://schemas.android.com/apk/res/android">
<application android:allowBackup="true"
android:icon="@mipmap/appicon"
android:roundIcon="@mipmap/appicon_round"
android:usesCleartextTraffic="true"
android:networkSecurityConfig="@xml/nsc"
android:supportsRtl="true"></application>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
</manifest>
|
its looks more or less like the solution lcheunglci posted in one of the mentioned threads its ok for testing and development, obviously cant expect random people to install random certs on their phones |
This is actually not bad because cert is embedded in your app. For now at least we have some solution (was afraid that this will not work without domain, but it does). |
I'm glad it helped, you're welcome 👍 |
Sorry for the delayed reply, I was impacted by Hurricane Ian & had to evacuate. It did work on my Azure server with .NET 6.0 but it appears you are solid now. I didn't have to create a cert for my device, being that Azure provides one. As a general development environment, which allows you to not worry about certs when debugging on Android (Android is very picky) - I always use NGROK since that can be set up to serve any IP with their SSL to any server. I have used this for 3 years and can vouch it works. |
Hello lovely human, thank you for your comment on this issue. Because this issue has been closed for a period of time, please strongly consider opening a new issue linking to this issue instead to ensure better visibility of your comment. Thank you! |
Description
Where to set TLS 1.2 in android options (it does not exists in VS Preview 17.1)
Can find it in Xamarin but no option to set it on .NET MAUI. project properties.
https://docs.microsoft.com/en-us/xamarin/cross-platform/app-fundamentals/transport-layer-security?tabs=windows
Is there an option in VS somewhere (really got into it but cannot find it)?
And not only one for now.. Please advise.
https://docs.microsoft.com/en-us/answers/questions/658469/use-httpclient-in-maui.html
Public API Changes
TLS 1.2 in android option (it does not exists in VS Preview 17.1)
Intended Use-Case
TLS 1.2 in android option (it does not exists in VS Preview 17.1)
The text was updated successfully, but these errors were encountered: