Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users

Dashboard
Notifications
Mark all as read
Q&A

Is there any breaking change in regard to TrustServerCertificate property of System.Data.SqlClient for .NET 5?

+1
−0

I have recently an issue at work after upgrading an ASP.NET Core 3.1 application to .NET 5. It worked correctly on all environments (e.g. PreProd, Prod) when targeting 3.1, but failed on Prod only after upgrade to .NET 5.

The error was login related:

A connection was successfully established with the server, but then an error occurred during the login process.The target principal name is incorrect

And the solution was the one indicated by this answer, namely setting TrustServerCertificate=true in the connection string.

This was required because the PreProd SQL Server did not require encryption, while the Production one did.

However, I still do not understand why this happened.

Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

0 comments

1 answer

+0
−0

I think I have found the cause of this issue:

Changes default behavior of driver to not validate server certificate if client did not request encryption with "encrypt=true" but encryption was enforced by SQL Server.

This is also mentioned in the SQL Client 2.0 breaking changes:

The driver will now perform Server Certificate validation when TLS encryption is enforced by the target Server, which is the default for Azure connections

Why does this post require moderator attention?
You might want to add some details to your flag.

0 comments

Sign up to answer this question »