Skip to content

Commit

Permalink
Add guidance when connecting to a SQL Server using untrusted cetrific…
Browse files Browse the repository at this point in the history
  • Loading branch information
MikeAlhayek authored and urbanit committed Mar 18, 2024
1 parent 64dea53 commit a295c92
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,12 @@ private async Task ValidateConnectionAsync(DbConnectionValidatorContext validati
S["The provided connection string is invalid or server is unreachable."]));
break;

case DbConnectionValidatorResult.InvalidCertificate:
errors.Add(new ModelError(
nameof(TenantViewModel.ConnectionString),
S["The security certificate on the server is from a non-trusted source (the certificate issuing authority isn't listed as a trusted authority in Trusted Root Certification Authorities on the client machine). In a development environment, you have the option to use the '{0}' parameter in your connection string to bypass the validation performed by the certificate authority.", "TrustServerCertificate=True"]));
break;

case DbConnectionValidatorResult.DocumentTableFound:
if (validationContext.DatabaseProvider == DatabaseProviderValue.Sqlite)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,5 +38,12 @@ public enum DbConnectionValidatorResult
/// <summary>
/// Unsupported database provider.
/// </summary>
UnsupportedProvider
UnsupportedProvider,

/// <summary>
/// The connection was valid but the SSL certificate is invalid. The certificate
/// is from a non-trusted source (the certificate issuing authority isn't listed as a
/// trusted authority in Trusted Root Certification Authorities on the client machine).
/// </summary>
InvalidCertificate,
}
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,12 @@ connection is SqliteConnection sqliteConnection &&
{
_logger.LogWarning(ex, "Unable to validate connection string.");

if (ex is SqlException sqlException
&& sqlException.InnerException?.Message == "The certificate chain was issued by an authority that is not trusted.")
{
return DbConnectionValidatorResult.InvalidCertificate;
}

return DbConnectionValidatorResult.InvalidConnection;
}

Expand Down
3 changes: 3 additions & 0 deletions src/OrchardCore/OrchardCore.Setup.Core/SetupService.cs
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,9 @@ private async Task<string> SetupInternalAsync(SetupContext context)
case DbConnectionValidatorResult.InvalidConnection:
context.Errors.Add(string.Empty, S["The provided connection string is invalid or server is unreachable."]);
break;
case DbConnectionValidatorResult.InvalidCertificate:
context.Errors.Add(string.Empty, S["The security certificate on the server is from a non-trusted source (the certificate issuing authority isn't listed as a trusted authority in Trusted Root Certification Authorities on the client machine). In a development environment, you have the option to use the '{0}' parameter in your connection string to bypass the validation performed by the certificate authority.", "TrustServerCertificate=True"]);
break;
case DbConnectionValidatorResult.DocumentTableFound:
context.Errors.Add(string.Empty, S["The provided database, table prefix and schema are already in use."]);
break;
Expand Down

0 comments on commit a295c92

Please sign in to comment.