Add guidance when connecting to a SQL Server using untrusted cetrific…

…ate (#15210)

src/OrchardCore.Modules/OrchardCore.Tenants/Services/TenantValidator.cs

@@ -136,6 +136,12 @@ private async Task ValidateConnectionAsync(DbConnectionValidatorContext validati
                         S["The provided connection string is invalid or server is unreachable."]));
                     break;
 
+                case DbConnectionValidatorResult.InvalidCertificate:
+                    errors.Add(new ModelError(
+                        nameof(TenantViewModel.ConnectionString),
+                        S["The security certificate on the server is from a non-trusted source (the certificate issuing authority isn't listed as a trusted authority in Trusted Root Certification Authorities on the client machine). In a development environment, you have the option to use the '{0}' parameter in your connection string to bypass the validation performed by the certificate authority.", "TrustServerCertificate=True"]));
+                    break;
+
                 case DbConnectionValidatorResult.DocumentTableFound:
                     if (validationContext.DatabaseProvider == DatabaseProviderValue.Sqlite)
                     {

src/OrchardCore/OrchardCore.Data.Abstractions/DbConnectionValidatorResult.cs

@@ -38,5 +38,12 @@ public enum DbConnectionValidatorResult
     /// <summary>
     /// Unsupported database provider.
     /// </summary>
-    UnsupportedProvider
+    UnsupportedProvider,
+
+    /// <summary>
+    /// The connection was valid but the SSL certificate is invalid. The certificate 
+    /// is from a non-trusted source (the certificate issuing authority isn't listed as a
+    /// trusted authority in Trusted Root Certification Authorities on the client machine).
+    /// </summary>
+    InvalidCertificate,
 }

src/OrchardCore/OrchardCore.Data.YesSql/DbConnectionValidator.cs

@@ -100,6 +100,12 @@ connection is SqliteConnection sqliteConnection &&
             {
                 _logger.LogWarning(ex, "Unable to validate connection string.");
 
+                if (ex is SqlException sqlException
+                    && sqlException.InnerException?.Message == "The certificate chain was issued by an authority that is not trusted.")
+                {
+                    return DbConnectionValidatorResult.InvalidCertificate;
+                }
+
                 return DbConnectionValidatorResult.InvalidConnection;
             }
 

src/OrchardCore/OrchardCore.Setup.Core/SetupService.cs

@@ -178,6 +178,9 @@ private async Task<string> SetupInternalAsync(SetupContext context)
                 case DbConnectionValidatorResult.InvalidConnection:
                     context.Errors.Add(string.Empty, S["The provided connection string is invalid or server is unreachable."]);
                     break;
+                case DbConnectionValidatorResult.InvalidCertificate:
+                    context.Errors.Add(string.Empty, S["The security certificate on the server is from a non-trusted source (the certificate issuing authority isn't listed as a trusted authority in Trusted Root Certification Authorities on the client machine). In a development environment, you have the option to use the '{0}' parameter in your connection string to bypass the validation performed by the certificate authority.", "TrustServerCertificate=True"]);
+                    break;
                 case DbConnectionValidatorResult.DocumentTableFound:
                     context.Errors.Add(string.Empty, S["The provided database, table prefix and schema are already in use."]);
                     break;