This documentation is archived and is not being maintained.

RemoteCertificateValidationCallback Delegate

Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.

Namespace:  System.Net.Security
Assembly:  System (in System.dll)

Public Delegate Function RemoteCertificateValidationCallback ( _
	sender As Object, _
	certificate As X509Certificate, _
	chain As X509Chain, _
	sslPolicyErrors As SslPolicyErrors _
) As Boolean


Type: System.Object
An object that contains state information for this validation.
Type: System.Security.Cryptography.X509Certificates.X509Certificate
The certificate used to authenticate the remote party.
Type: System.Security.Cryptography.X509Certificates.X509Chain
The chain of certificate authorities associated with the remote certificate.
Type: System.Net.Security.SslPolicyErrors
One or more errors associated with the remote certificate.

Return Value

Type: System.Boolean
A Boolean value that determines whether the specified certificate is accepted for authentication.

The delegate's sslPolicyErrors argument contains any certificate errors returned by SSPI while authenticating the client or server. The Boolean value returned by the method invoked by this delegate determines whether the authentication is allowed to succeed.

This delegate is used with the SslStream class.

The following code example implements a method that is invoked by an instance of the RemoteCertificateValidationCallback class. If there are validation errors, this method displays them and returns false, which prevents communication with the unauthenticated server.

		' The following method is invoked by the RemoteCertificateValidationDelegate.
		Public Shared Function ValidateServerCertificate(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
		   If sslPolicyErrors = SslPolicyErrors.None Then
				Return True
		   End If

			Console.WriteLine("Certificate error: {0}", sslPolicyErrors)

			' Do not allow this client to communicate with unauthenticated servers.
			Return False
		End Function

The following code example creates the delegate using the method defined in the preceding code example.

			' Create a TCP/IP client socket.
			' machineName is the host running the server application.
			Dim client As New TcpClient(machineName,443)
			Console.WriteLine("Client connected.")
			' Create an SSL stream that will close the client's stream.
			Dim sslStream As New SslStream(client.GetStream(), False, New RemoteCertificateValidationCallback (AddressOf ValidateServerCertificate), Nothing)
			' The server name must match the name on the server certificate.
			Catch e As AuthenticationException
				Console.WriteLine("Exception: {0}", e.Message)
				If e.InnerException IsNot Nothing Then
					Console.WriteLine("Inner exception: {0}", e.InnerException.Message)
				End If
				Console.WriteLine ("Authentication failed - closing the connection.")
			End Try

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.