runtime: [Bug] SSL Connection refused when calling ASP.NET Core API endpoints from .NET MAUI App on Android

The ASP.NET Core Web API app is up and running. Making requests to the API endpoints from Blazor Web Assembly works perfectly fine. Whenever making request from the .NET MAUI Blazor App it’s throwing the following exception:

[DOTNET] System.Net.Http.HttpRequestException: Connection refused (localhost:44363)
[DOTNET]  ---> System.Net.Sockets.SocketException (111): Connection refused
[DOTNET]    at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken 
[DOTNET] cancellationToken) in System.Net.Sockets.dll:token 0x60002b9+0x1f
[DOTNET]    at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) in System.Net.Sockets.dll:token 0x60002b3+0x26
[DOTNET]    at Syst
[DOTNET] em.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken) in System.Net.Sockets.dll:token 0x600029c+0xa4
[DOTNET]    at System.Net.Http.HttpConnectionP
[DOTNET] ool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x6000700+0x1b4
[DOTNET]    --- End of inner exception stack trace ---
[DOTNET]    at System.Net.Http.HttpC
[DOTNET] onnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x6000700+0x298
[DOTNET]    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpReque
[DOTNET] stMessage request, Boolean async, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x60006ff+0x14d
[DOTNET]    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellati
[DOTNET] onToken) in System.Net.Http.dll:token 0x6000701+0x8f
[DOTNET]    at System.Net.Http.HttpConnectionPool.SendUsingHttp11Async(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x60006f1
[DOTNET] +0x15d
[DOTNET]    at System.Net.Http.HttpConnectionPool.DetermineVersionAndSendAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x60006f2+0x224
[DOTNET]    at System.Net.Http.HttpConne
[DOTNET] ctionPool.SendAndProcessAltSvcAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x60006f3+0x8e
[DOTNET] ssage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) in System.Net.Http.dll:token 0x60006f4+0x99
[DOTNET]    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequ07-16 12:39:49.024 I/DOTNET  (16085):    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationT
[DOTNET] oken) in System.Net.Http.dll:token 0x6000787+0x94
[DOTNET]    at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in Microsoft.Extensions.Http.dll:token 0x60000c3+0xd7
[DOTNET]    at MauiB
[DOTNET] lazor.Shared.Common.AuthorizationDelegatingHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\GitHub\CleanArchitecture\src\ClientApps\MauiBlazor.Shared\Common\AuthorizationDelegatingHandler.cs:line 43
[DOTNET]    at Microsoft.E
[DOTNET] xtensions.Http.Logging.LoggingScopeHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in Microsoft.Extensions.Http.dll:token 0x60000c8+0xef
[DOTNET] ge request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) in System.Net.Http.dll:token 0x600022f+0x1b7
[DOTNET] lazor.Shared.Common.AuthorizationDelegatingHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\GitHub\CleanArchitecture\src\ClientApps\MauiBlazor.Shared\Common\Authoriz07-16 12:39:49.025 I/DOTNET  (16085):    at MauiBlazor.Share
[DOTNET] d.Services.UserService.LoginAsync(LoginModel loginModel) in D:\GitHub\CleanArchitecture\src\ClientApps\MauiBlazor.Shared\Services\UserService.cs:line 132
[DOTNET]    at MauiBlazorApp.Components.IdentityComponents.LoginComponent.HandleValidSubmitAsync() in D:\GitHub
[DOTNET] \CleanArchitecture\src\ClientApps\MauiBlazorApp\MauiBlazorApp\Components\IdentityComponents\LoginComponent.razor.cs:line 51

There is no CORS issue because the API app is allowing any origin as follows:

services.AddCors(options =>
{
    options.AddPolicy(myAllowSpecificOrigins, builder =>
    {
        builder
        .AllowAnyHeader()
        .AllowAnyMethod()
        .AllowCredentials()
        .SetIsOriginAllowed(_ => true);
    });
});

Please help me how can I overcome the issue so that I can make requests to the ASP.NET Core REST endpoints from .NET MAUI Blazor app successfully. Thanks in advance.

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 5
Comments: 49 (25 by maintainers)

Commits related to this issue

[Mono.Android] custom validation callback for server certificates in HTTP handlers (#6665) Context: https://github.com/dotnet/runtime/issues/62966 The `AndroidClientHandler` and `AndroidMessageHan... — committed to xamarin/xamarin-android by simonrozsival 2 years ago
[Mono.Android] custom validation callback for server certificates in HTTP handlers (#6665) Backport of: https://github.com/xamarin/xamarin-android/pull/6665 Context: https://github.com/dotnet/runtime... — committed to jonathanpeppers/xamarin-android by simonrozsival 2 years ago
[Mono.Android] custom validation callback for server certificates in HTTP handlers (#6972) * [Mono.Android] custom validation callback for server certificates in HTTP handlers (#6665) Backport of:... — committed to xamarin/xamarin-android by jonathanpeppers 2 years ago
https://github.com/dotnet/runtime/issues/62966 https://github.com/dotnet/runtime/issues/62966 https://github.com/xamarin/xamarin-android/pull/6665 — committed to danch15/MauiAndDevDemo by danch15 2 years ago

Most upvoted comments

@Eilon Here is the minimal repo to reproduce the issue: https://github.com/TanvirArjel/MauiDemo. After running both API and MAUI Blazor app in debug mode, please click on the FetchData menu and see the debug output.

This has been an irritating issue as this blocked my MAUI learning. Please let me know the update.

Thanks in advance.

TanvirArjel on Aug 5, 2021

I started a discussion topic on how to connect from Android emulators to a local ASP.NET Web API running on Windows: https://github.com/dotnet/maui/discussions/8131

Please check that out and let us know if you have any feedback on any of the solutions presented.

Eilon on Jun 16, 2022

@Eagle3386 ah alright that might very well be different. My helper is only for locally hosted sites (e.g. ASP.NET Core running on your Windows machine).

Eilon on Jun 16, 2022

Once it goes in, this should be fixed by https://github.com/xamarin/xamarin-android/pull/6665

steveisok on Feb 20, 2022

If you use AndroidMessageHandler in .NET 6 instead of HttpClientHandler, does the problem go away? I believe this is the preferred handler that properly implements SSL on Android. If you use the empty constructor for HttpClient, it should also use AndroidMessageHandler.

If a fix is needed for HttpClientHandler, we can probably move this to dotnet/runtime?

jonathanpeppers on Dec 17, 2021

@Eilon I shall give try once .NET 6.0 RC-1 is released. .NET 6.0 preview 7 has so many issues.

TanvirArjel on Sep 11, 2021

@TanvirArjel if you set up verbose logging on the ASP.NET Core app, can you see the request coming in from the Android emulator? As @AmSmart says, the fact that it’s an HTTP 400 implies that the server is receiving the HTTP request, but thinks that the client sent a bad request. If you can see from the server what it thinks the request is or what’s wrong with it, that could lead us to the answer.

Eilon on Sep 7, 2021

I don’t have the VS2022 preview installed and I don’t plan to install it soon, hence I can’t really run MAUI apps yet. Since you’re getting a 400, I’d advise you to debug it on the Server Side (Weather App), find out the content of the request that was sent from the Android app that led to a server-side error. That’ll give more clarity to discovering the bug.

Happy Coding!

AmSmart on Aug 29, 2021

Well, the above error is simply an HTTP Bad Request(400) which either means you are calling the HTTP endpoint wrongly or something is messed up on your server. Not really a MAUI issue anymore at this point.

Is there any documentation on how to use LetsEncrypt in MAUI?

Concerning this, I’d like to point out that Let’s Encrypt is a Certificate Authority that helps sign TLS (popularly called SSL) certificates so that your HTTPS connection can be trusted. That being said Let’s Encrypt interfaces with the ASP.NET Core part of the app and not MAUI. For development scenarios, dotnet helps provide locally trusted self-signed certificates on Windows and macOS using the command @Eilon provided earlier.

If however, you want to deploy your ASP.NET Core web app to production, Digital Ocean has a very nice blog on using Let’s Encrypt with ASP.NET Core and Nginx as a reverse proxy. If you want to deploy directly to Kestrel, you can follow guides from this dev.to blog.

I hope all of these helps you understand the whole thing better. I think you should close the issue as well, as the initial error wasn’t a bug but a feature.

Happy Coding!

AmSmart on Aug 27, 2021

OK I found the doc that discusses how to do this: https://docs.microsoft.com/xamarin/cross-platform/deploy-test/connect-to-local-web-services#bypass-the-certificate-security-check

You can do one of these:

Use HTTP (instead of HTTPS) during dev and local debugging, so there’s no HTTPS certificate needed at all
Follow the steps in that doc to skip cert checking on HTTPS in your Android and iOS apps
Use an HTTPS cert that is already trusted (I think LetsEncrypt might work for this?)

Eilon on Aug 20, 2021

Do you know if you have the ASP.NET Core HTTPS developer certificate installed?

Check out this post from Scott Hanselman: https://www.hanselman.com/blog/developing-locally-with-aspnet-core-under-https-ssl-and-selfsigned-certs

You might need to run this command line tool: dotnet dev-certs https --trust

Eilon on Aug 19, 2021

Hi @TanvirArjel I updated your project to be compatible with preview7/RC1 and it seems to work just fine for me. First I started the ASP.NET Core server so that the API would run on port 44393 (using HTTPS), then I deployed the WinUI project and ran it from the Start Menu (there’s a bug right now in VS where you can’t run the WinUI app directly), and it was able to do the HttpClient call to get the weather forecast.

You can see the changes I made to the app here: https://github.com/TanvirArjel/MauiDemo/pull/1

(I only changed things that changed in MAUI/Blazor/WinUI, I didn’t change any app code.)

Eilon on Aug 19, 2021