ICertificatePolicy Interface
.NET Framework Class Library

Validates a server certificate.

Namespace:  System.Net
Assembly:  System (in System.dll)

Syntax

'Usage

Dim instance As ICertificatePolicy

'Declaration

Public Interface ICertificatePolicy

Remarks

The ICertificatePolicy interface is used to provide custom security certificate validation for an application. The default policy is to allow valid certificates, as well as valid certificates that have expired. To change this policy, implement the ICertificatePolicy interface with a different policy, and then assign that policy to ServicePointManager.CertificatePolicy.

ICertificatePolicy uses the Security Support Provider Interface (SSPI). For more information, see the SSPI documentation on MSDN.

Examples

The following example creates a certificate policy that returns false for any certificate problem and prints a message that indicates the problem on the console. The CertificateProblem enum defines SSPI constants for certificate problems, and the private GetProblemMessage method creates a printable message about the problem.

Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

' SSPI certificate problem codes (unsigned 32-bit values held in a Long).
Public Enum CertificateProblem As Long
    CertEXPIRED                   = 2148204801    ' 0x800B0101
    CertVALIDITYPERIODNESTING     = 2148204802    ' 0x800B0102
    CertROLE                      = 2148204803    ' 0x800B0103
    CertPATHLENCONST              = 2148204804    ' 0x800B0104
    CertCRITICAL                  = 2148204805    ' 0x800B0105
    CertPURPOSE                   = 2148204806    ' 0x800B0106
    CertISSUERCHAINING            = 2148204807    ' 0x800B0107
    CertMALFORMED                 = 2148204808    ' 0x800B0108
    CertUNTRUSTEDROOT             = 2148204809    ' 0x800B0109
    CertCHAINING                  = 2148204810    ' 0x800B010A
    CertREVOKED                   = 2148204812    ' 0x800B010C
    CertUNTRUSTEDTESTROOT         = 2148204813    ' 0x800B010D
    CertREVOCATION_FAILURE        = 2148204814    ' 0x800B010E
    CertCN_NO_MATCH               = 2148204815    ' 0x800B010F
    CertWRONG_USAGE               = 2148204816    ' 0x800B0110
    CertUNTRUSTEDCA               = 2148204818    ' 0x800B0112
End Enum


Public Class MyCertificateValidation
    Implements ICertificatePolicy

    ' Default policy for certificate validation.
    Public Shared DefaultValidate As Boolean = False

    Public Function CheckValidationResult(srvPoint As ServicePoint, _
       cert As X509Certificate, request As WebRequest, problem As Integer) _
       As Boolean Implements ICertificatePolicy.CheckValidationResult

        ' The policy is also called with a problem code of zero when no
        ' problem was found; accept the certificate in that case.
        If problem = 0 Then
            Return True
        End If

        Console.WriteLine(("Certificate Problem with accessing " & _
           request.RequestUri.ToString()))
        Console.Write("Problem code 0x{0:X8},", problem)
        ' Mask to the low 32 bits: widening the signed Integer to Long
        ' sign-extends it, and the result would match no enum member.
        Console.WriteLine(GetProblemMessage(CType(problem And &HFFFFFFFFL, _
           CertificateProblem)))

        ' Reject (or accept) every reported problem according to the default.
        Return DefaultValidate
    End Function

    ' Builds a printable message from the name of the problem code.
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemMessage As String = ""
        Dim ProblemCodeName As String = System.Enum.GetName( _
           GetType(CertificateProblem), Problem)
        If Not (ProblemCodeName Is Nothing) Then
            ProblemMessage = ProblemMessage & "-Certificateproblem:" & _
               ProblemCodeName
        Else
            ProblemMessage = "Unknown Certificate Problem"
        End If
        Return ProblemMessage
    End Function
End Class



#using <mscorlib.dll>
#using <System.dll>

using namespace System;
using namespace System::Net;
using namespace System::Security::Cryptography::X509Certificates;

// SSPI certificate problem codes.
public __value enum CertificateProblem : long
{
    CertEXPIRED                   = 0x800B0101,
    CertVALIDITYPERIODNESTING     = 0x800B0102,
    CertROLE                      = 0x800B0103,
    CertPATHLENCONST              = 0x800B0104,
    CertCRITICAL                  = 0x800B0105,
    CertPURPOSE                   = 0x800B0106,
    CertISSUERCHAINING            = 0x800B0107,
    CertMALFORMED                 = 0x800B0108,
    CertUNTRUSTEDROOT             = 0x800B0109,
    CertCHAINING                  = 0x800B010A,
    CertREVOKED                   = 0x800B010C,
    CertUNTRUSTEDTESTROOT         = 0x800B010D,
    CertREVOCATION_FAILURE        = 0x800B010E,
    CertCN_NO_MATCH               = 0x800B010F,
    CertWRONG_USAGE               = 0x800B0110,
    CertUNTRUSTEDCA               = 0x800B0112
};

public __gc class MyCertificateValidation : public ICertificatePolicy
{
public:
    // Default policy for certificate validation.
    static bool DefaultValidate = false;

    bool CheckValidationResult(ServicePoint* /*sp*/, X509Certificate* /*cert*/,
        WebRequest* request, int problem)
    {
        // The policy is also called with a problem code of zero when no
        // problem was found; accept the certificate in that case.
        if (problem == 0)
            return true;

        Console::WriteLine(S"Certificate Problem with accessing {0}", request->RequestUri);
        Console::Write(S"Problem code 0x{0:X8},", __box((int)problem));
        Console::WriteLine(GetProblemMessage((CertificateProblem)problem));

        // Reject (or accept) every reported problem according to the default.
        return DefaultValidate;
    }

private:
    // Builds a printable message from the name of the problem code.
    String* GetProblemMessage(CertificateProblem Problem)
    {
        String* ProblemMessage = S"";
        CertificateProblem problemList = CertificateProblem();
        String* ProblemCodeName = Enum::GetName(__box(problemList)->GetType(), __box(Problem));
        if (ProblemCodeName != 0)
            ProblemMessage = String::Concat(ProblemMessage, S"-Certificateproblem:", ProblemCodeName);
        else
            ProblemMessage = S"Unknown Certificate Problem";
        return ProblemMessage;
    }
};

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 3.5, 2.0, 1.0
Community Content

C# Example fails
Added by: Zoot_Allures
When the int problem number is cast to CertificateProblem the sign is extended and the value becomes 0xffffffff800xxxxx.

The solution is to define CertificateProblem thus:
public enum CertificateProblem : uint

I have also found the CheckValidationResult is being called with a problem number of zero, presumably meaning no error, to give the function the opportunity to perform further checking even when no error has occurred.
In this case, the function should simply return true.
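
An added example, not part of the original page or of the comment above, in C# for the .NET Framework: a policy that rejects every reported problem, assigned to ServicePointManager.CertificatePolicy as the Remarks describe, with the problem code converted through uint as the comment suggests. The class name StrictCertificatePolicy and the sample code in Main are assumptions, and the enum is a subset of the one on this page.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Subset of the codes above, with a uint underlying type so they are stored unsigned.
public enum CertificateProblem : uint
{
    CertEXPIRED       = 0x800B0101,
    CertUNTRUSTEDROOT = 0x800B0109,
    CertREVOKED       = 0x800B010C,
    CertCN_NO_MATCH   = 0x800B010F
}

// Hypothetical class name. Rejects every certificate with a reported problem.
public class StrictCertificatePolicy : ICertificatePolicy
{
    public static string Describe(int problem)
    {
        // Reinterpret the signed code as unsigned. Widening it to long instead
        // sign-extends 0x800B0101 to 0xFFFFFFFF800B0101, which matches nothing.
        CertificateProblem p = (CertificateProblem)unchecked((uint)problem);
        return Enum.IsDefined(typeof(CertificateProblem), p)
            ? p.ToString() : "Unknown Certificate Problem";
    }

    public bool CheckValidationResult(ServicePoint srvPoint,
        X509Certificate cert, WebRequest request, int problem)
    {
        if (problem == 0) return true;    // no problem reported for this certificate

        Console.WriteLine("Rejected {0}: 0x{1:X8} {2}",
            request.RequestUri, problem, Describe(problem));
        return false;       // expired, untrusted, revoked, name mismatch, ...
    }
}

public static class Program
{
    public static void Main()
    {
        // Process-wide: applies to HTTPS requests made after this line.
        ServicePointManager.CertificatePolicy = new StrictCertificatePolicy();

        int expired = unchecked((int)0x800B0101);    // constructed sample code
        Console.WriteLine("widened to long: 0x{0:X}", (long)expired);
        Console.WriteLine("cast to uint:    0x{0:X} {1}",
            unchecked((uint)expired), StrictCertificatePolicy.Describe(expired));
    }
}
```

From .NET Framework 2.0 onward the compiler reports ServicePointManager.CertificatePolicy as obsolete in favor of ServicePointManager.ServerCertificateValidationCallback.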