We have an MVC project using the OWIN framework to allow our users to authenticate using Twitter.
However, starting today, we have been getting this exception when trying to authenticate:

    System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Thanks to the power of open source, we can see that the thumbprints for the Twitter certificates have been coded in the Katana Project, in:

    Microsoft.Owin.Security.Twitter.TwitterAuthenticationOptions

Recently some certificates must have changed and now the thumbprints no longer match.
Please add a new thumbprint for the "VeriSign Class 3 Public Primary Certification Authority – G5" certificate to your Twitter auth options in your Startup.Auth.cs (for MVC users).
Change from the default:

    app.UseTwitterAuthentication(
        consumerKey: "XXXX",
        consumerSecret: "XXX"
    );

with:

    // Requires: using Microsoft.Owin.Security.Twitter;
    app.UseTwitterAuthentication(new TwitterAuthenticationOptions
    {
        ConsumerKey = "XXXX",
        ConsumerSecret = "XXXX",
        // Pin the backchannel (server-to-Twitter) TLS connection to these certificates
        BackchannelCertificateValidator = new Microsoft.Owin.Security.CertificateSubjectKeyIdentifierValidator(
            new[]
            {
                // VeriSign Class 3 Secure Server CA - G2
                "A5EF0B11CEC04103A34A659048B21CE0572D7D47",
                // VeriSign Class 3 Secure Server CA - G3
                "0D445C165344C1827E1D20AB25F40163D8BE79A5",
                // VeriSign Class 3 Public Primary Certification Authority - G5
                "7FD365A7C2DDECBBF03009F34339FA02AF333133",
                // Symantec Class 3 Secure Server CA - G4
                "39A55D933676616E73A761DFA16A7E59CDE66FAD",
                // Symantec Class 3 EV SSL CA - G3
                "add53f6680fe66e383cbac3e60922e3b4c412bed",
                // VeriSign Class 3 Primary CA - G5
                "4eb6d578499b1ccf5f581ead56be3d9b6744a5e5",
                // DigiCert SHA2 High Assurance Server CA
                "5168FF90AF0207753CCCD9656462A212B859723B",
                // DigiCert High Assurance EV Root CA
                "B13EC36903F8BF4701D498261A0802EF63642BC3"
            })
    });

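As the class name CertificateSubjectKeyIdentifierValidator indicates, the pinned strings are compared with the Subject Key Identifier extension of the certificates in the presented chain. The following is an added example, not code from the Katana Project or from this post: a simplified model of that check showing why an unpinned issuer is rejected and how to read the identifier from a certificate you have verified before pinning it. The names SkiPinDemo, GetSki, ChainHasPinnedSki and MakeSampleCert are hypothetical, the certificates are constructed sample data, and CertificateRequest is assumed to be available (.NET Framework 4.7.2 or later, or .NET Core 2.0 or later).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SkiPinDemo
{
    // Hex Subject Key Identifier of a certificate, or null when the extension is absent.
    static string GetSki(X509Certificate2 cert) =>
        cert.Extensions.OfType<X509SubjectKeyIdentifierExtension>()
            .Select(e => e.SubjectKeyIdentifier).FirstOrDefault();

    // Simplified model of the pin check: some certificate in the chain must carry a pinned SKI.
    static bool ChainHasPinnedSki(IEnumerable<X509Certificate2> chain, ISet<string> pins) =>
        chain.Select(GetSki).Any(ski => ski != null && pins.Contains(ski));

    // Constructed sample data: a self-signed certificate with an SKI extension.
    static X509Certificate2 MakeSampleCert(string commonName)
    {
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + commonName, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(
                new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                DateTimeOffset.UtcNow.AddDays(30));
        }
    }

    static void Main()
    {
        var oldIssuer = MakeSampleCert("Constructed Old Issuer");
        var newIssuer = MakeSampleCert("Constructed New Issuer");
        var pins = new HashSet<string>(new[] { GetSki(oldIssuer) },
            StringComparer.OrdinalIgnoreCase);

        // The remote side now presents a chain issued by a CA that is not pinned.
        var presented = new[] { newIssuer };
        Console.WriteLine("New issuer SKI to review: " + GetSki(newIssuer));
        Console.WriteLine("Before adding pin: " + ChainHasPinnedSki(presented, pins));

        pins.Add(GetSki(newIssuer)); // the equivalent of extending the array in Startup.Auth.cs
        Console.WriteLine("After adding pin:  " + ChainHasPinnedSki(presented, pins));
    }
}
```

Running GetSki over a CA certificate obtained from the issuer's own repository lets you confirm a pin value yourself instead of copying it from a third party.
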
Happy coding!