-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Android duplex client not working with TCP transport security #5031
Comments
It's difficult to know what the problem is exactly as from the WCF perspective as all we do is new up an SslStream and call AuthenticateAsClientAsync and the exception is that SslStream threw an exception. There's a difference in behavior with SslStream between Android and the other platforms. I searched for SslException in the maui android repo and found this comment which references issue dotnet/runtime#45741. In that issue it says the following:
It looks like using self signed developer certificates and telling WCF to skip certificate validation isn't an option on Android. If you are going to have a certificate which Android can validate available when you release the phone app and you just want to get past this problem during prototyping, you can set the binding SecurityMode to None. The communication won't be encrypted and the server will have no way of identifying the clients identity, but it will allow you to concentrate on other parts of your prototype later. One option it to get a free certificate which has a publicly valid signature, but that requires owning a domain and maybe hosting a file on that domain (I'm only familiar with Lets Encrypt and I'm several years out of date, but that's how they did it when I looked into them a few years ago). I hope this is enough info to unblock you. BTW, you might want to consider switching to NetHttpBinding which uses WebSockets when you have a duplex contract. The down side with using NetTcp over high latency links is that it requires an ACK byte sent in response to an incoming message before the sender can send the next thing. NetTcp allows you to have replies sent in a different order than the requests were sent as the request and reply are tied together using a generated GUID added to each request message. This allows you to make a request to the service (or client if using duplex) and before the reply comes back, send a second request to the service. The problem that can happen with the ACK byte is that the second request won't begin to be sent until the ACK byte is returned for the first request. In high latency networks (such as mobile networks which can often have a 300ms latency), this makes it harder to send multiple requests before the reply comes back. A second problem with NetTcp on unreliable networks (such as mobile networks) is difficulty in detecting the connection has died. If the client (or server with duplex contracts) doesn't have an outstanding request that it's waiting on the reply for, there's no way to know that the connection has died. The first you find out is when you next try to send a request and you might have to wait for the Send timeout (default of 1 minute) to elapse before you get an exception. |
Hopefully your issue has been resolved with Matt's comment, close for now. Feel free to reactivate if you have more questions. |
I am working a prototype for a phone app, using MAUI on .NET 6, System.ServiceModel.NetTcp 4.10.0. The following code works for a Windows client, and using an iPhone simulator, but fails on an Android simulator.
The exception thrown is:
The inner\inner exception is:
The text was updated successfully, but these errors were encountered: