Andr谩s T贸th‘s professional blog
banditoth.net

Hey there 馃憢, I’m banditoth a .NET MAUI developer from Hungary.
I write about software development with .NET technologies.

You can find me on:
LinkedIn | Github | StackOverflow | X / Twitter | Threads

Tag: http

  • Xamarin.Forms: Bypass SSL Certificate validation on Android

    This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.

    Disclaimer: Bypassing SSL Certificate validation in production releases are not recommended. It can make your application vulnerable by hackers and reverse engineers, and your users will be unprotected from the bad guys. Consider to use the following codes with compile directives.

    But in the other hand, it can be handful to just ignore the certification errors in development enviroment. Local machines has self signed certificates, and it is easier to just bypass the validation method, rather than set the self signed certificate acceptance in our client applications.

    In Xamarin.Android (Lower than Android 10) and Xamarin.iOS, use the ServicePointManager in order to make your own certificate validator algorithm. The code below just accepts every cert.

    ServicePointManager.ServerCertificateValidationCallback =
                (message, certificate, chain, sslPolicyErrors) => true;
    

    To bring Android 10 also to work, construct your HttpClient with the following constructor:

                var httpClientHandler = new HttpClientHandler();
    #if DEBUG
                httpClientHandler.ServerCertificateCustomValidationCallback =
                    (message, certificate, chain, sslPolicyErrors) => true;
    #endif
                var httpClient= new HttpClient(httpClientHandler);
    
  • [Xamarin.Android]: Cleartext HTTP traffic to not permitted

    This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.

    If your Android application gives the following error, when trying to use a HttpClient:

    Java.IO.IOException: 'Cleartext HTTP traffic to 192.168.0.10 not permitted'
    

    Set usesClearTraffic property to true in the AndroidManifest.xml:

    <application android:label="MobileSolution.Android" 
    	     android:theme="@style/MainTheme"
                 android:usesCleartextTraffic="true">
    		
    </application>
    

    The restriction was introduced in Android 8. More explanation: https://koz.io/android-m-and-the-war-on-cleartext-traffic/