Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

ICertificatePolicy Interface

Validates a server certificate.

Namespace:  System.Net
Assembly:  System (in System.dll)

public interface ICertificatePolicy

The ICertificatePolicy type exposes the following members.

  NameDescription
Public methodCheckValidationResultValidates a server certificate.
Top

The ICertificatePolicy interface is used to provide custom security certificate validation for an application. The default policy is to allow valid certificates, as well as valid certificates that have expired. To change this policy, implement the ICertificatePolicy interface with a different policy, and then assign that policy to ServicePointManager.CertificatePolicy.

ICertificatePolicy uses the Security Support Provider Interface (SSPI). For more information, see the SSPI documentation on MSDN.

The following example creates a certificate policy that returns false for any certificate problem and prints a message that indicates the problem on the console. The CertificateProblem enum defines SSPI constants for certificate problems, and the private GetProblemMessage method creates a printable message about the problem.

public   enum    CertificateProblem  : long
{
        CertEXPIRED                   = 0x800B0101,
        CertVALIDITYPERIODNESTING     = 0x800B0102,
        CertROLE                      = 0x800B0103,
        CertPATHLENCONST              = 0x800B0104,
        CertCRITICAL                  = 0x800B0105,
        CertPURPOSE                   = 0x800B0106,
        CertISSUERCHAINING            = 0x800B0107,
        CertMALFORMED                 = 0x800B0108,
        CertUNTRUSTEDROOT             = 0x800B0109,
        CertCHAINING                  = 0x800B010A,
        CertREVOKED                   = 0x800B010C,
        CertUNTRUSTEDTESTROOT         = 0x800B010D,
        CertREVOCATION_FAILURE        = 0x800B010E,
        CertCN_NO_MATCH               = 0x800B010F,
        CertWRONG_USAGE               = 0x800B0110,
        CertUNTRUSTEDCA               = 0x800B0112
}

public class MyCertificateValidation : ICertificatePolicy
{
    // Default policy for certificate validation. 
    public static bool DefaultValidate = false; 

    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
       WebRequest request, int problem)
    {        
        bool ValidationResult=false;
        Console.WriteLine("Certificate Problem with accessing " +
           request.RequestUri);
        Console.Write("Problem code 0x{0:X8},",(int)problem);
        Console.WriteLine(GetProblemMessage((CertificateProblem)problem));

        ValidationResult = DefaultValidate;
        return ValidationResult; 
    }

    private String GetProblemMessage(CertificateProblem Problem)
    {
        String ProblemMessage = "";
        CertificateProblem problemList = new CertificateProblem();
        String ProblemCodeName = Enum.GetName(problemList.GetType(),Problem);
        if(ProblemCodeName != null)
           ProblemMessage = ProblemMessage + "-Certificateproblem:" +
              ProblemCodeName;
        else
           ProblemMessage = "Unknown Certificate Problem";
        return ProblemMessage;
     }
}
   

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0, 1.1

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
Show:
© 2015 Microsoft