Validates a server certificate.
(in System.dll)
Visual Basic (Declaration)
Public Interface ICertificatePolicy
Dim instance As ICertificatePolicy
public interface ICertificatePolicy
public interface class ICertificatePolicy
public interface ICertificatePolicy
The ICertificatePolicy interface is used to provide custom security certificate validation for an application. The default policy is to allow valid certificates, as well as valid certificates that have expired. To change this policy, implement the ICertificatePolicy interface with a different policy, and then assign that policy to ServicePointManager..::.CertificatePolicy.
ICertificatePolicy uses the Security Support Provider Interface (SSPI). For more information, see the SSPI documentation on MSDN.
The following example creates a certificate policy that returns false for any certificate problem and prints a message that indicates the problem on the console. The CertificateProblem enum defines SSPI constants for certificate problems, and the private GetProblemMessage method creates a printable message about the problem.
Public Enum CertificateProblem As Long
CertEXPIRED = 2148204801 ' 0x800B0101
CertVALIDITYPERIODNESTING = 2148204802 ' 0x800B0102
CertROLE = 2148204803 ' 0x800B0103
CertPATHLENCONST = 2148204804 ' 0x800B0104
CertCRITICAL = 2148204805 ' 0x800B0105
CertPURPOSE = 2148204806 ' 0x800B0106
CertISSUERCHAINING = 2148204807 ' 0x800B0107
CertMALFORMED = 2148204808 ' 0x800B0108
CertUNTRUSTEDROOT = 2148204809 ' 0x800B0109
CertCHAINING = 2148204810 ' 0x800B010A
CertREVOKED = 2148204812 ' 0x800B010C
CertUNTRUSTEDTESTROOT = 2148204813 ' 0x800B010D
CertREVOCATION_FAILURE = 2148204814 ' 0x800B010E
CertCN_NO_MATCH = 2148204815 ' 0x800B010F
CertWRONG_USAGE = 2148204816 ' 0x800B0110
CertUNTRUSTEDCA = 2148204818 ' 0x800B0112
End Enum
Public Class MyCertificateValidation
Implements ICertificatePolicy
' Default policy for certificate validation.
Public Shared DefaultValidate As Boolean = False
Public Function CheckValidationResult(srvPoint As ServicePoint, _
cert As X509Certificate, request As WebRequest, problem As Integer) _
As Boolean Implements ICertificatePolicy.CheckValidationResult
Dim ValidationResult As Boolean = False
Console.WriteLine(("Certificate Problem with accessing " & _
request.RequestUri.ToString()))
Console.Write("Problem code 0x{0:X8},", CInt(problem))
Console.WriteLine(GetProblemMessage(CType(problem, _
CertificateProblem)))
ValidationResult = DefaultValidate
Return ValidationResult
End Function
Private Function GetProblemMessage(Problem As CertificateProblem) As String
Dim ProblemMessage As String = ""
Dim problemList As New CertificateProblem()
Dim ProblemCodeName As String = System.Enum.GetName( _
problemList.GetType(), Problem)
If Not (ProblemCodeName Is Nothing) Then
ProblemMessage = ProblemMessage + "-Certificateproblem:" & _
ProblemCodeName
Else
ProblemMessage = "Unknown Certificate Problem"
End If
Return ProblemMessage
End Function
End Class
public enum CertificateProblem : long
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
}
public class MyCertificateValidation : ICertificatePolicy
{
// Default policy for certificate validation.
public static bool DefaultValidate = false;
public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
WebRequest request, int problem)
{
bool ValidationResult=false;
Console.WriteLine("Certificate Problem with accessing " +
request.RequestUri);
Console.Write("Problem code 0x{0:X8},",(int)problem);
Console.WriteLine(GetProblemMessage((CertificateProblem)problem));
ValidationResult = DefaultValidate;
return ValidationResult;
}
private String GetProblemMessage(CertificateProblem Problem)
{
String ProblemMessage = "";
CertificateProblem problemList = new CertificateProblem();
String ProblemCodeName = Enum.GetName(problemList.GetType(),Problem);
if(ProblemCodeName != null)
ProblemMessage = ProblemMessage + "-Certificateproblem:" +
ProblemCodeName;
else
ProblemMessage = "Unknown Certificate Problem";
return ProblemMessage;
}
}
public enum class CertificateProblem : UInt32
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
};
public ref class MyCertificateValidation: public ICertificatePolicy
{
public:
// Default policy for certificate validation.
static bool DefaultValidate = false;
virtual bool CheckValidationResult( ServicePoint^ /*sp*/, X509Certificate^ /*cert*/, WebRequest^ request, int problem )
{
bool ValidationResult = false;
Console::WriteLine( "Certificate Problem with accessing {0}", request->RequestUri );
Console::Write( "Problem code 0x{0:X8},", (int)problem );
Console::WriteLine( GetProblemMessage( (CertificateProblem)problem ) );
ValidationResult = DefaultValidate;
return ValidationResult;
}
private:
String^ GetProblemMessage( CertificateProblem Problem )
{
String^ ProblemMessage = "";
CertificateProblem problemList = CertificateProblem( );
String^ ProblemCodeName = Enum::GetName( problemList.GetType(), Problem );
if ( ProblemCodeName != nullptr )
ProblemMessage = String::Concat( ProblemMessage, "-Certificateproblem:", ProblemCodeName );
else
ProblemMessage = "Unknown Certificate Problem";
return ProblemMessage;
}
};
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
.NET Framework
Supported in: 3.5, 3.0, 2.0, 1.1, 1.0
.NET Compact Framework
Supported in: 3.5, 2.0, 1.0
Reference