Using System.Net tracing to troubleshoot an SSL problem in a .NET 2.0 application

 

In .NET Framework 2.0, System.Net has a new feature called tracing. System.Net tracing is very useful in some special scenarios:

- The client and server are on the same machine. In this case a network monitor does not work for you, because it cannot capture loopback traffic.

- Secure communication such as HTTPS.

Here is an example of using System.Net tracing to resolve an SSL problem. Consider the following scenario: an AuthenticationException is thrown on the frontend web service when it calls the backend web service.

Client --- SSL --- Frontend Web Service (ASP.NET 2.0) --- SSL --- Backend Web Service

[AuthenticationException: The remote certificate is invalid according to the
validation procedure.]
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message,
AsyncProtocolRequest asyncRequest, Exception exception) +1036754
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest) +333
System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count,
AsyncProtocolRequest asyncRequest) +313

To fix this problem, we enabled System.Net tracing with the configuration below. To use it:

- Insert this configuration section into your web.config.

- Make sure the application pool identity has write permission to the log file.

<system.diagnostics>
  <sources>
    <!-- tracemode="includehex" logs network data as hex dumps; maxdatasize caps the bytes logged per trace line -->
    <source name="System.Net" tracemode="includehex" maxdatasize="1024">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Sockets">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
    <source name="System.Net.Cache">
      <listeners>
        <add name="System.Net"/>
      </listeners>
    </source>
  </sources>
  <switches>
    <add name="System.Net" value="Verbose"/>
    <add name="System.Net.Sockets" value="Verbose"/>
    <add name="System.Net.Cache" value="Verbose"/>
  </switches>
  <!-- All three sources write to this shared listener. The log can contain request and response data, so restrict access to the file. -->
  <sharedListeners>
    <add name="System.Net"
         type="System.Diagnostics.TextWriterTraceListener"
         initializeData="d:\temp\network.log" />
  </sharedListeners>
  <trace autoflush="true"/>
</system.diagnostics>

We then found the following detailed information in the trace file.

System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate has
errors:
System.Net Information: 0 : [0308] SecureChannel#59995477 - A certificate chain
processed, but terminated in a root certificate which is not trusted by the trust
provider.
System.Net Information: 0 : [0308] SecureChannel#59995477 - Remote certificate was
verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [0308] Socket#54041329::Dispose()
System.Net Error: 0 : [0308] Exception in the HttpWebRequest#27598891:: - The
underlying connection was closed: Could not establish trust relationship for the
SSL/TLS secure channel.
System.Net Error: 0 : [0308] Exception in the
HttpWebRequest#27598891::EndGetResponse - The underlying connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel.

Regards,

Wei Zhao