2

I'm writing a Windows RT / Windows Store app and the service that the app wraps authenticates using OAuth. Previously the OAuth requests were going to my server over HTTP, but I wanted to instead upgrade to HTTPS. I am using a self-signed certificate for the SSL communications to my server. However it appears that the WebAuthenticationBroker fails (without returning from the AuthenticateAsync method).

I thought it was working when I tested in fiddler but to decrypt traffic I believe fiddler intercepts so I can't really inspect what webauthenticationbroker is doing (when using fiddler, and telling fiddler to ignore self-signed concerns, the app works as intended)

Richthofen
  • 2,076
  • 19
  • 39
  • Is [`ServicePointManager`](http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager%28v=vs.100%29.aspx) available to you? If so, I believe you set the [ServerCertificateValidationCallback](http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback%28v=vs.100%29.aspx) and verify your self signed cert in the callback. ***N.B.***: its not acceptable to simply return `true` because that performs no validation. – jww Aug 03 '14 at 02:35

0 Answers0