Azure / amqpnetlite

AMQP 1.0 .NET Library

How do I access the PLAIN SASL Profile?

ozpom71 opened this issue · comments

commented

I'm having trouble connecting to a server using a certificate so they've temporarily opened a port with no security for our testing.

The problem is that if I set the SASL Profile on the ConnectionFactory to External or Anonymous it still seems to be doing SASL validation and I get "Sasl negotiation failed with code Auth".

I've been told I need to set the profile to Plain but that isn't available in the SaslProfile object, even though I can see the PlainName in the non-public member:

SaslProfile

I tried using SaslPlainProfile but it's marked as Internal so I don't have access:

SaslPlainProfile

How do I connect with a Plain profile?

Include user name and password in the Address Uri to enable SASL PLAIN. Note that they need to be URL encoded. We will make SaslPlainProfile public to avoid such confusion and improve usability. Thanks.

commented

Thanks for that but I think I'm already doing what you suggest:

image

Do I have something wrong?

  1. When you construct the address by providing all components, user name and password should not be URL encoded. They need to be provided as is. Only when you create the Address from a Uri string do the user name and password need to be encoded in the string. It is purely for URL parsing, just like other types of URL strings.
  2. Since you mentioned client certificate, the connection should use TLS, and the address scheme needs to be "AMQPS".

commented
  1. Okay, so that gives me this, which still gets the "Sasl negotiation failed with code Auth" error:

image

Should I not be using this constructor to create the Address object?

  1. Yes, that's fine, this is for getting to the unsecured port.

Either constructor should work fine, depending on what you have and which one is convenient. Please enable tracing to see where the error came from (instructions here: https://github.com/Azure/amqpnetlite/blob/master/docs/articles/tracing.md).

You should get something like the following.

[03:47:40.630] SEND AMQP 3 1 0 0
[03:47:40.639] RECV AMQP 3 1 0 0
[03:47:40.650] RECV sasl-mechanisms(sasl-server-mechanisms:[ANONYMOUS,PLAIN])
[03:47:40.654] SEND sasl-init(mechanism:PLAIN,initial-response:...,hostname:localhost)
[03:47:40.659] RECV sasl-outcome(code:Ok)

If the error comes from the SASL outcome, then the credentials you sent were not accepted by the server.

commented

Okay, I get this:

[10:59:52.768] SEND AMQP 3 1 0 0
[10:59:52.803] RECV sasl-mechanisms(sasl-server-mechanisms:[PLAIN,ANONYMOUS])
[10:59:52.810] SEND sasl-init(mechanism:PLAIN,initial-response:...,hostname:203.4.179.118)
[10:59:52.829] RECV sasl-outcome(code:Auth)

So does that mean that I am sending in PLAIN but the other end is rejecting my connection?

Yes, the server rejected the SASL negotiation. There could be several reasons. The credentials are incorrect, or the server does not like SASL PLAIN over a plain TCP connection for security reasons, or the server may do an extra check on the hostname for any arbitrary reason. The only way to find out is to get someone who can take a look at the server side to see what went wrong.

commented

I contacted the server owner and it turns out they do validate the username and password and I had two characters missing off the password.

Thanks for your help, all good now, but please do still make SaslPlainProfile public.
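
The two ways of supplying SASL PLAIN credentials discussed in this thread, shown side by side with frame tracing enabled. This is an added example, not code from the thread or from the amqpnetlite project; the host name, port and credentials are constructed placeholders.

```csharp
using System;
using Amqp;

class SaslPlainAddressExample
{
    static void Main()
    {
        // Constructed sample credentials containing characters reserved in URIs.
        const string user = "svc@tenant";
        const string password = "p@ss/w:rd#1";
        const string host = "broker.example.test"; // placeholder host

        // Component constructor: pass the credentials exactly as issued, no encoding.
        var fromParts = new Address(host, 5671, user, password, "/", "amqps");

        // URI string: user name and password must be percent-encoded so the URI parses.
        string uri = "amqps://" + Uri.EscapeDataString(user) + ":" +
                     Uri.EscapeDataString(password) + "@" + host + ":5671";
        var fromUri = new Address(uri);

        // Both forms must decode to the same values. Compare without printing the secret.
        if (fromParts.User != fromUri.User || fromParts.Password != fromUri.Password)
            throw new InvalidOperationException("Credentials differ between the two Address forms.");

        // SASL PLAIN carries the password unencrypted inside sasl-init, so insist on TLS.
        if (!fromParts.UseSsl)
            throw new InvalidOperationException("Refusing to send SASL PLAIN without TLS (use amqps).");

        // Frame tracing shows sasl-mechanisms, sasl-init and sasl-outcome;
        // the initial-response value appears as "..." in the trace.
        Trace.TraceLevel = TraceLevel.Frame;
        Trace.TraceListener = (level, format, args) =>
            Console.WriteLine(DateTime.Now.ToString("[hh:mm:ss.fff]") + " " + string.Format(format, args));

        try
        {
            var connection = new Connection(fromParts);
            connection.Close();
        }
        catch (Exception e)
        {
            // With the placeholder host this is a network error; against a real broker,
            // sasl-outcome(code:Auth) in the trace means the server rejected the credentials.
            Console.WriteLine("Connection failed: " + e.Message);
        }
    }
}
```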