New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CONNECT failed: RefusedNotAuthorized C# #63
Comments
looks like the cert that you are using is not valid? It's authorization exception. |
It is a valid cert. It is our root dc cert. From my understanding the hub only holds onto the x509 thumbprint and when you want to connect it compares the stored thumprint to the one supplied with the auth mechanism. |
Can you try adding a receiveAsync call in your code after the following line ? |
Same thing, {"CONNECT failed: RefusedNotAuthorized"} |
I have created a simple console app which uses X.509 certs and device methods. It works on my IoT Hub. Can you plug in the constant values at the top and try it out on your IoT hub and X.509 device? |
Nope, same issue. I added the following to add the device and then try to auth. Still getting the same issue. `var x509Certificate = GetX509Cert(CertSerial); Device newDevice = new Device("TestingSSL"); newDevice.Authentication = new AuthenticationMechanism() { X509Thumbprint = new X509Thumbprint() { PrimaryThumbprint = x509Certificate.Thumbprint } }; RegistryManager registryManager = RegistryManager.CreateFromConnectionString(IotHubConnectionString); await registryManager.AddDeviceAsync(newDevice); |
From the service-side logs, it appears that the service is not receiving the client certificate. Can you try changing the transport protocol to MQTT over Websocket like this: You could also try using another protocol like Amqp or Http: This will help us narrow down the issue that you are facing. Also, let us know which version of Windows the client is running on. |
_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt_WebSocket_Only); __client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Amqp); __client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Http1); |
@CRACKbomber - Can you please provide which version of the SDK your are using? Thanks. |
Microsoft.Azure.Devices.Client 1.2.4 |
@CRACKbomber - Can you try using a self-signed cert - https://technet.microsoft.com/itpro/powershell/windows/pki/new-selfsignedcertificate ? |
@rajeevmv I have |
Can you share a self-signed cert that fails for you here? Please note that this should be a throwaway cert that you do not plan to use for any other purpose. I can try to use that cert using the sample I posted above and check if it works for me. I will need the private key as well in this case. |
There is no private key in my cert. |
I will need a pfx file (which contains the private key) along with a password to read the file. (FYI: https://security.stackexchange.com/questions/29425/difference-between-pfx-and-cert-certificates). This is because the client will need the private key in order to successfully complete the TLS handshake with the service. |
This appears to be the root cause of the issue that you are facing. You will need to provide a .pfx file as input to the device client. The .pfx file should contain the private key of the cert generated. This private key will not be transmitted over the wire. But, it will be used to prove to the server that it is indeed the owner of the cert. Our apologies that the documentation does not state this explicitly. We will update it to reflect this. |
@CRACKbomber - Closing issue. Please let us know if still having problems. |
@rajeevmv Can you tell me how o make .pfx file. Any step by step helper link? I have same issue now. |
Take a look at this link: http://windowsitpro.com/blog/creating-self-signed-certificates-powershell |
Add client side tracing to the TPM over AMQP/WS scenario
Add client side tracing to the TPM over AMQP/WS scenario
Add client side tracing to the TPM over AMQP/WS scenario
Add client side tracing to the TPM over AMQP/WS scenario
Add client side tracing to the TPM over AMQP/WS scenario
* Merge pull request #66 from Azure/alextolp/setcompletedsync Setting CompletedSynchronously everywhere * Provisioning MQTT transport using the ExecutorTaskScheduler. * Device MQTT transport using the ExecutorTaskScheduler. * Removing ConcurrentObjectPool. * Merge pull request #63 from Azure/ravokkar/tpmamqpws-tracing Add client side tracing to the TPM over AMQP/WS scenario * Merge pull request #64 from Azure/alextolp/amqpsyncfix AMQP - handle sync completion * Merge pull request #65 from Azure/alextolp/amqpwsaddlogs Add logs for amqp ws tpm * Fixing synchronous completions for AMQP. * Adding test execution note. * Changing build order of netfx.
{Microsoft.Azure.Devices.Client.Exceptions.UnauthorizedException: CONNECT failed: RefusedNotAuthorized
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.
When I try to set method handlers I get the above inner exception.
csharpcode.txt
The text was updated successfully, but these errors were encountered: