CONNECT failed: RefusedNotAuthorized C# about azure-iot-sdk-csharp HOT 20 CLOSED

This appears to be the root cause of the issue that you are facing. You will need to provide a .pfx file as input to the device client. The .pfx file should contain the private key of the cert generated. This private key will not be transmitted over the wire. But, it will be used to prove to the server that it is indeed the owner of the cert.

Our apologies that the documentation does not state this explicitly. We will update it to reflect this.

from azure-iot-sdk-csharp.

@CRACKbomber - Closing issue. Please let us know if still having problems.

from azure-iot-sdk-csharp.

looks like the cert that you are using is not valid? It's authorization exception.

from azure-iot-sdk-csharp.

It is a valid cert. It is our root dc cert. From my understanding the hub only holds onto the x509 thumbprint and when you want to connect it compares the stored thumprint to the one supplied with the auth mechanism.

from azure-iot-sdk-csharp.

Can you try adding a receiveAsync call in your code after the following line ?
_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt);
_client.ReceiveAsync(TimeSpan.FromSeconds(2)).Wait();

from azure-iot-sdk-csharp.

Same thing, {"CONNECT failed: RefusedNotAuthorized"}

from azure-iot-sdk-csharp.

I have created a simple console app which uses X.509 certs and device methods. It works on my IoT Hub. Can you plug in the constant values at the top and try it out on your IoT hub and X.509 device?

X509-Mqtt-Methods.zip

from azure-iot-sdk-csharp.

Nope, same issue. I added the following to add the device and then try to auth. Still getting the same issue.

`var x509Certificate = GetX509Cert(CertSerial);

Device newDevice = new Device("TestingSSL");

newDevice.Authentication = new AuthenticationMechanism() { X509Thumbprint = new X509Thumbprint() { PrimaryThumbprint = x509Certificate.Thumbprint } };

RegistryManager registryManager = RegistryManager.CreateFromConnectionString(IotHubConnectionString);

await registryManager.AddDeviceAsync(newDevice);
Console.WriteLine("Retrieving Device using X.509 certificate for authentication");
var device = await registryManager.GetDeviceAsync("TestingSSL");`

from azure-iot-sdk-csharp.

From the service-side logs, it appears that the service is not receiving the client certificate.

Can you try changing the transport protocol to MQTT over Websocket like this:
_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt_WebSocket_Only);

You could also try using another protocol like Amqp or Http:
__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Amqp);
__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Http1);

This will help us narrow down the issue that you are facing. Also, let us know which version of Windows the client is running on.

from azure-iot-sdk-csharp.

Here is my windows info.

from azure-iot-sdk-csharp.

_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt_WebSocket_Only);
Same unauthorized message

__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Amqp);
Message = "The method or operation is not implemented."

__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Http1);
It seems to work but when I try to invoke a method from a service client it gives
Message = "Device {"Message":"ErrorCode:DeviceNotOnline;Timed out waiting for device to connect.","ExceptionMessage":"Tracking ID:14d6bb5f477048198af4840d9279d68f-G:2-TimeStamp:03/08/2017 12:17:57"} not registered"

from azure-iot-sdk-csharp.

@CRACKbomber - Can you please provide which version of the SDK your are using? Thanks.

from azure-iot-sdk-csharp.

Microsoft.Azure.Devices.Client 1.2.4
Microsoft.Azure.Devices.Shared 1.0.7
Microsoft.Azure.Amqp 2.0.4

from azure-iot-sdk-csharp.

@CRACKbomber - Can you try using a self-signed cert - https://technet.microsoft.com/itpro/powershell/windows/pki/new-selfsignedcertificate ?

from azure-iot-sdk-csharp.

@rajeevmv I have

from azure-iot-sdk-csharp.

@CRACKbomber ,

Can you share a self-signed cert that fails for you here? Please note that this should be a throwaway cert that you do not plan to use for any other purpose. I can try to use that cert using the sample I posted above and check if it works for me. I will need the private key as well in this case.

from azure-iot-sdk-csharp.

There is no private key in my cert.
pc-iothub01.zip

from azure-iot-sdk-csharp.

I will need a pfx file (which contains the private key) along with a password to read the file. (FYI: https://security.stackexchange.com/questions/29425/difference-between-pfx-and-cert-certificates). This is because the client will need the private key in order to successfully complete the TLS handshake with the service.

from azure-iot-sdk-csharp.

@rajeevmv Can you tell me how o make .pfx file. Any step by step helper link? I have same issue now.

from azure-iot-sdk-csharp.

Take a look at this link: http://windowsitpro.com/blog/creating-self-signed-certificates-powershell

from azure-iot-sdk-csharp.