When I was writing a .NET6 API today, I used the Dapper framework to configure the database connection. After the configuration, an error occurred when linking to the DB. I found that the error was caused by Microsoft.Data.SqlClient. Using System.Data.SqlClient can be normal Access, the error message is as follows:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an untrusted authority.)"
System.Data.SqlClient is a legacy provider for .NET Framework using ADO.NET.
Released in 2019, the Microsoft.Data.SqlClient package is a new package that supports both .NET Core and .NET Framework.
After consulting the information on the Internet, it turns out that when the Microsoft.Data.SqlClient package is connected to the database, the default encryption value is True, so it will verify the server TLS/SSL certificate, resulting in an error: the certificate chain is issued by an untrusted authority of.
Option One:
In fact, the solution is very simple, just add the Encrypt=false; string after the DB connection string to solve the problem.
//示例 在DB链接字符串末尾加上 encrypt=false;
"ConnectionStrings": {
"Default": "Data Source=.;Initial Catalog=AuoUserdata;User Id=sa;Password=sa123;Trusted_Connection=True;Encrypt=false;"
}Microsoft's official documentation states:
The default value of the connection setting has been false changed from to true . With the growing use of cloud databases and the need to ensure those connections are secure, it's time for this backwards-compatibility-breaking change.
The default value of the connection setting has been changed from false to true. With the growing use of cloud databases and the need to secure those connections, the time has come for this backward compatibility breaking change.
Portal: New feature of Microsoft.Data.SqlClient 4.0 - encryption default is set to true
Option II:
Because the Microsoft.Data.SqlClient link database will verify the server TLS/SSL certificate by default, so we only need to add automatic trust server security to skip the verification certificate.
//示例 在DB链接字符串末尾加上 trustServerCertificate=true;
"ConnectionStrings": {
"Default": "Data Source=.;Initial Catalog=AuoUserdata;User Id=sa;Password=sa123;trustServerCertificate=true;"
}
trustServerCertificate
True if the server Transport Layer Security (TLS) (formerly Secure Sockets Layer (SSL)) certificate should be automatically trusted when the communication layer is encrypted using TLS. Otherwise false .
Remark
If the trustServerCertificate property is set to true, the SQL Server TLS/SSL certificate is automatically trusted when using the TLS encrypted communication layer. In other words, the Microsoft JDBC Driver for SQL Server will not validate the SQL Server TLS/SSL certificate. The default value is false .
If the trustServerCertificate property is set to false, the Microsoft JDBC Driver for SQL Server will verify the server TLS/SSL certificate.
Portal: setTrustServerCertificate method
Conclusion:
Choose one of the above two solutions to solve the problem. If there is something wrong, please correct me. It is not easy to organize, please give a like or follow , thank you!
reference:
Reprint please indicate the source: https://blog.csdn.net/Csongxuan/article/details/130335700