
RemoteCertificateValidationCallback Delegate

Note: This delegate is new in the .NET Framework version 2.0.

Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.

Namespace: System.Net.Security
Assembly: System (in system.dll)

C#

public delegate bool RemoteCertificateValidationCallback (
	Object sender,
	X509Certificate certificate,
	X509Chain chain,
	SslPolicyErrors sslPolicyErrors
)

J#

/** @delegate */
public delegate boolean RemoteCertificateValidationCallback (
	Object sender,
	X509Certificate certificate,
	X509Chain chain,
	SslPolicyErrors sslPolicyErrors
)

JScript

JScript supports the use of delegates, but not the declaration of new ones.

Parameters

sender

An object that contains state information for this validation.

certificate

The certificate used to authenticate the remote party.

chain

The chain of certificate authorities associated with the remote certificate.

sslPolicyErrors

One or more errors associated with the remote certificate.

Return Value

A Boolean value that determines whether the specified certificate is accepted for authentication.

The delegate's sslPolicyErrors argument contains any certificate errors returned by SSPI while authenticating the client or server. The Boolean value returned by the method invoked by this delegate determines whether the authentication is allowed to succeed.

This delegate is used with the SslStream class.

The following code example implements a method that is invoked through an instance of the RemoteCertificateValidationCallback delegate. If there are validation errors, this method displays them and returns false, which prevents communication with the unauthenticated server.

      
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// The following method is invoked by the RemoteCertificateValidationCallback delegate.
public static bool ValidateServerCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // Accept the certificate only when SSPI reported no policy errors.
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

    // Do not allow this client to communicate with unauthenticated servers.
    return false;
}

The following code example creates the delegate using the method defined in the preceding code example.

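// This fragment runs inside a method and needs the System.Net.Sockets,
// System.Net.Security and System.Security.Authentication namespaces.
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName, 443);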
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
    client.GetStream(), 
    false, 
    new RemoteCertificateValidationCallback (ValidateServerCertificate), 
    null
    );
// The server name must match the name on the server certificate.
try 
{
    sslStream.AuthenticateAsClient(serverName);
} 
catch (AuthenticationException e)
{
    Console.WriteLine("Exception: {0}", e.Message);
    if (e.InnerException != null)
    {
        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
    }
    Console.WriteLine ("Authentication failed - closing the connection.");
    client.Close();
    return;
}
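
The following is an added example, not part of the original documentation. It shows a stricter callback that tests each SslPolicyErrors flag separately, reports the chain status entries behind a chain error, and always fails closed. The class name StrictCertificateValidation and the PinnedThumbprint field are hypothetical, and the thumbprint check is an assumed extra restriction that can only narrow what is accepted.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class StrictCertificateValidation
{
    // Hypothetical placeholder: SHA-1 thumbprint (hex, no spaces) of the one
    // server certificate this client expects. Leave null to skip the pin check.
    public static string PinnedThumbprint = null;

    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // SslPolicyErrors is a flags enumeration, so test each bit separately.
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            Console.WriteLine("No certificate was presented by the remote party.");

        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.WriteLine("Name mismatch; certificate subject: {0}",
                certificate != null ? certificate.Subject : "(none)");

        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0
            && chain != null)
        {
            // ChainStatus says why chain building failed (expired, untrusted root, ...).
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("Chain error {0}: {1}",
                    status.Status, status.StatusInformation);
        }

        // Fail closed: any error reported by the platform rejects the connection.
        if (sslPolicyErrors != SslPolicyErrors.None || certificate == null)
            return false;

        // Optional extra restriction applied only after platform validation passed.
        if (PinnedThumbprint != null &&
            !String.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                           StringComparison.OrdinalIgnoreCase))
        {
            Console.WriteLine("Certificate does not match the pinned thumbprint.");
            return false;
        }
        return true;
    }
}
```

Pass this method to the SslStream constructor in place of ValidateServerCertificate from the preceding example.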

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0
© 2014 Microsoft. All rights reserved.