ICertificatePolicy Interface
Validates a server certificate.
For a list of all members of this type, see ICertificatePolicy Members.
[Visual Basic] Public Interface ICertificatePolicy [C#] public interface ICertificatePolicy [C++] public __gc __interface ICertificatePolicy [JScript] public interface ICertificatePolicy
Remarks
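The ICertificatePolicy interface is used to provide custom security certificate validation for an application. The default policy is to allow valid certificates, as well as valid certificates that have expired. To change this policy, for example to reject expired certificates, implement the ICertificatePolicy interface with a different policy, and then assign that policy to ServicePointManager.CertificatePolicy. ServicePointManager.CertificatePolicy is a static property, so the assigned policy applies to every connection the application makes through ServicePointManager, not to a single request.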
ICertificatePolicy uses the Security Support Provider Interface (SSPI). For more information, see the SSPI documentation in MSDN.
Example
[Visual Basic, C#, C++] The following example creates a certificate policy that returns false for any certificate problem and prints a message indicating the problem on the console. The CertificateProblem enum defines SSPI constants for certificate problems, and the private GetProblemMessage method creates a printable message about the problem.
[Visual Basic]
' Certificate problem codes that CheckValidationResult may receive, stored in a Long-based enum.
Public Enum CertificateProblem As Long
    CertEXPIRED = 2148204801 ' 0x800B0101
    CertVALIDITYPERIODNESTING = 2148204802 ' 0x800B0102
    CertROLE = 2148204803 ' 0x800B0103
    CertPATHLENCONST = 2148204804 ' 0x800B0104
    CertCRITICAL = 2148204805 ' 0x800B0105
    CertPURPOSE = 2148204806 ' 0x800B0106
    CertISSUERCHAINING = 2148204807 ' 0x800B0107
    CertMALFORMED = 2148204808 ' 0x800B0108
    CertUNTRUSTEDROOT = 2148204809 ' 0x800B0109
    CertCHAINING = 2148204810 ' 0x800B010A
    CertREVOKED = 2148204812 ' 0x800B010C
    CertUNTRUSTEDTESTROOT = 2148204813 ' 0x800B010D
    CertREVOCATION_FAILURE = 2148204814 ' 0x800B010E
    CertCN_NO_MATCH = 2148204815 ' 0x800B010F
    CertWRONG_USAGE = 2148204816 ' 0x800B0110
    CertUNTRUSTEDCA = 2148204818 ' 0x800B0112
End Enum

' Certificate policy that logs each reported problem and returns DefaultValidate as its decision.
Public Class MyCertificateValidation
    Implements ICertificatePolicy

    ' Default policy for certificate validation.
    ' This field is Public Shared and writable: CheckValidationResult returns it for every call,
    ' so any code that sets it to True makes this policy accept every certificate it is asked about.
    Public Shared DefaultValidate As Boolean = False

    ' Prints the request URI, the problem code and its name, then returns DefaultValidate.
    ' srvPoint and cert are not read, and the return value does not depend on problem.
    ' NOTE(review): if the runtime also calls this with problem = 0 for a certificate that
    ' passed validation, that certificate is rejected too while DefaultValidate is False - confirm.
    Public Function CheckValidationResult(srvPoint As ServicePoint, _
        cert As X509Certificate, request As WebRequest, problem As Integer) _
        As Boolean Implements ICertificatePolicy.CheckValidationResult

        Dim ValidationResult As Boolean = False
        Console.WriteLine(("Certificate Problem with accessing " & _
            request.RequestUri.ToString()))
        Console.Write("Problem code 0x{0:X8},", CInt(problem))
        ' NOTE(review): problem is a 32-bit Integer, so a 0x800B01xx code arrives as a negative
        ' value; converting it to the Long-based enum presumably keeps it negative, which would not
        ' equal the positive constants above and would print "Unknown Certificate Problem" - verify.
        Console.WriteLine(GetProblemMessage(CType(problem, _
            CertificateProblem)))
        ValidationResult = DefaultValidate
        Return ValidationResult
    End Function

    ' Returns "-Certificateproblem:" followed by the enum member name for Problem,
    ' or "Unknown Certificate Problem" when the value has no named member.
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemMessage As String = ""
        ' problemList exists only to obtain the enum's Type for the name lookup.
        Dim problemList As New CertificateProblem()
        Dim ProblemCodeName As String = System.Enum.GetName( _
            problemList.GetType(), Problem)
        If Not (ProblemCodeName Is Nothing) Then
            ProblemMessage = ProblemMessage + "-Certificateproblem:" & _
                ProblemCodeName
        Else
            ProblemMessage = "Unknown Certificate Problem"
        End If
        Return ProblemMessage
    End Function
End Class

[C#]
// Certificate problem codes that CheckValidationResult may receive, stored in a long-based enum.
public enum CertificateProblem : long
{
    CertEXPIRED = 0x800B0101,
    CertVALIDITYPERIODNESTING = 0x800B0102,
    CertROLE = 0x800B0103,
    CertPATHLENCONST = 0x800B0104,
    CertCRITICAL = 0x800B0105,
    CertPURPOSE = 0x800B0106,
    CertISSUERCHAINING = 0x800B0107,
    CertMALFORMED = 0x800B0108,
    CertUNTRUSTEDROOT = 0x800B0109,
    CertCHAINING = 0x800B010A,
    CertREVOKED = 0x800B010C,
    CertUNTRUSTEDTESTROOT = 0x800B010D,
    CertREVOCATION_FAILURE = 0x800B010E,
    CertCN_NO_MATCH = 0x800B010F,
    CertWRONG_USAGE = 0x800B0110,
    CertUNTRUSTEDCA = 0x800B0112
}

// Certificate policy that logs each reported problem and returns DefaultValidate as its decision.
public class MyCertificateValidation : ICertificatePolicy
{
    // Default policy for certificate validation.
    // This field is public, static and writable: CheckValidationResult returns it for every call,
    // so any code that sets it to true makes this policy accept every certificate it is asked about.
    public static bool DefaultValidate = false;

    // Prints the request URI, the problem code and its name, then returns DefaultValidate.
    // sp and cert are not read, and the return value does not depend on problem.
    // NOTE(review): if the runtime also calls this with problem == 0 for a certificate that
    // passed validation, that certificate is rejected too while DefaultValidate is false - confirm.
    public bool CheckValidationResult(ServicePoint sp,
        X509Certificate cert, WebRequest request, int problem)
    {
        bool ValidationResult=false;
        Console.WriteLine("Certificate Problem with accessing " +
            request.RequestUri);
        Console.Write("Problem code 0x{0:X8},",(int)problem);
        // NOTE(review): problem is a 32-bit int, so a 0x800B01xx code arrives as a negative value;
        // casting it to the long-based enum sign-extends it, so it presumably never equals the
        // positive constants above and the message falls back to "Unknown Certificate Problem" - verify.
        Console.WriteLine(GetProblemMessage((CertificateProblem)problem));
        ValidationResult = DefaultValidate;
        return ValidationResult;
    }

    // Returns "-Certificateproblem:" followed by the enum member name for Problem,
    // or "Unknown Certificate Problem" when the value has no named member.
    private String GetProblemMessage(CertificateProblem Problem)
    {
        String ProblemMessage = "";
        // problemList exists only to obtain the enum's Type for the name lookup.
        CertificateProblem problemList = new CertificateProblem();
        String ProblemCodeName = Enum.GetName(problemList.GetType(),Problem);
        if(ProblemCodeName != null)
            ProblemMessage = ProblemMessage + "-Certificateproblem:" +
                ProblemCodeName;
        else
            ProblemMessage = "Unknown Certificate Problem";
        return ProblemMessage;
    }
}

[C++]
// Certificate problem codes that CheckValidationResult may receive.
// NOTE(review): the width of long under this compiler is not shown here; whether the int
// problem argument compares equal to these constants depends on it - confirm.
public __value enum CertificateProblem : long
{
    CertEXPIRED = 0x800B0101,
    CertVALIDITYPERIODNESTING = 0x800B0102,
    CertROLE = 0x800B0103,
    CertPATHLENCONST = 0x800B0104,
    CertCRITICAL = 0x800B0105,
    CertPURPOSE = 0x800B0106,
    CertISSUERCHAINING = 0x800B0107,
    CertMALFORMED = 0x800B0108,
    CertUNTRUSTEDROOT = 0x800B0109,
    CertCHAINING = 0x800B010A,
    CertREVOKED = 0x800B010C,
    CertUNTRUSTEDTESTROOT = 0x800B010D,
    CertREVOCATION_FAILURE = 0x800B010E,
    CertCN_NO_MATCH = 0x800B010F,
    CertWRONG_USAGE = 0x800B0110,
    CertUNTRUSTEDCA = 0x800B0112
};

// Certificate policy that logs each reported problem and returns DefaultValidate as its decision.
public __gc class MyCertificateValidation : public ICertificatePolicy
{
    // Default policy for certificate validation.
    // This member is public, static and writable: CheckValidationResult returns it for every call,
    // so any code that sets it to true makes this policy accept every certificate it is asked about.
public:
    static bool DefaultValidate = false;

    // Prints the request URI, the problem code and its name, then returns DefaultValidate.
    // The ServicePoint and X509Certificate arguments are unnamed and unused, and the return
    // value does not depend on problem.
    // NOTE(review): if the runtime also calls this with problem == 0 for a certificate that
    // passed validation, that certificate is rejected too while DefaultValidate is false - confirm.
    bool CheckValidationResult(ServicePoint* /*sp*/,
        X509Certificate* /*cert*/, WebRequest* request, int problem)
    {
        bool ValidationResult=false;
        Console::WriteLine(S"Certificate Problem with accessing {0}",
            request->RequestUri);
        Console::Write(S"Problem code 0x{0:X8},", __box((int)problem));
        Console::WriteLine(GetProblemMessage((CertificateProblem)problem));
        ValidationResult = DefaultValidate;
        return ValidationResult;
    }

private:
    // Returns "-Certificateproblem:" followed by the enum member name for Problem,
    // or "Unknown Certificate Problem" when the value has no named member.
    String* GetProblemMessage(CertificateProblem Problem)
    {
        String* ProblemMessage = S"";
        // problemList exists only to obtain the enum's Type for the name lookup.
        CertificateProblem problemList = CertificateProblem();
        String* ProblemCodeName = Enum::GetName(__box(problemList)->GetType(),__box(Problem));
        if(ProblemCodeName != 0)
            ProblemMessage = String::Concat( ProblemMessage,
                S"-Certificateproblem:", ProblemCodeName );
        else
            ProblemMessage = S"Unknown Certificate Problem";
        return ProblemMessage;
    }
};
[JScript] No example is available for JScript. To view a Visual Basic, C#, or C++ example, click the Language Filter button
in the upper-left corner of the page.
Requirements
Namespace: System.Net
Platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 family, .NET Compact Framework
Assembly: System (in System.dll)