This documentation is archived and is not being maintained.

ICertificatePolicy Interface

Validates a server certificate.

Namespace:  System.Net
Assembly:  System (in System.dll)

public interface ICertificatePolicy

The ICertificatePolicy interface is used to provide custom security certificate validation for an application. The default policy is to allow valid certificates, as well as valid certificates that have expired. To change this policy, implement the ICertificatePolicy interface with a different policy, and then assign that policy to ServicePointManager.CertificatePolicy.

ICertificatePolicy uses the Security Support Provider Interface (SSPI). For more information, see the SSPI documentation on MSDN.

The following example creates a certificate policy that returns false for any certificate problem and prints a message that indicates the problem on the console. The CertificateProblem enum defines SSPI constants for certificate problems, and the private GetProblemMessage method creates a printable message about the problem.

No code example is currently available or this language may not be supported.
 public  __value enum    CertificateProblem  : long
         CertEXPIRED                   = 0x800B0101,
         CertVALIDITYPERIODNESTING     = 0x800B0102,
         CertROLE                      = 0x800B0103,
         CertPATHLENCONST              = 0x800B0104,
         CertCRITICAL                  = 0x800B0105,
         CertPURPOSE                   = 0x800B0106,
         CertISSUERCHAINING            = 0x800B0107,
         CertMALFORMED                 = 0x800B0108,
         CertUNTRUSTEDROOT             = 0x800B0109,
         CertCHAINING                  = 0x800B010A,
         CertREVOKED                   = 0x800B010C,
         CertUNTRUSTEDTESTROOT         = 0x800B010D,
         CertREVOCATION_FAILURE        = 0x800B010E,
         CertCN_NO_MATCH               = 0x800B010F,
         CertWRONG_USAGE               = 0x800B0110,
         CertUNTRUSTEDCA               = 0x800B0112

 public __gc class MyCertificateValidation : public ICertificatePolicy
     // Default policy for certificate validation.
     static bool DefaultValidate = false; 

     bool CheckValidationResult(ServicePoint* /*sp*/, X509Certificate* /*cert*/,
        WebRequest* request, int problem)
         bool ValidationResult=false;
         Console::WriteLine(S"Certificate Problem with accessing {0}", request->RequestUri);
         Console::Write(S"Problem code 0x{0:X8},", __box((int)problem));

         ValidationResult = DefaultValidate;
         return ValidationResult; 

     String* GetProblemMessage(CertificateProblem Problem)
         String* ProblemMessage = S"";
         CertificateProblem problemList =  CertificateProblem();
         String* ProblemCodeName = Enum::GetName(__box(problemList)->GetType(),__box(Problem));
         if(ProblemCodeName != 0)
            ProblemMessage = String::Concat( ProblemMessage, S"-Certificateproblem:", ProblemCodeName );
            ProblemMessage = S"Unknown Certificate Problem";
         return ProblemMessage;

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 3.5, 2.0, 1.0