SslClientAuthenticationOptions Class

Namespace: System.Net.Security

Assembly: System.Net.Security.dll

Provides options to configure client certificate authentication for SSL/TLS connections.

Syntax

public sealed class SslClientAuthenticationOptions

Properties

ClientCertificates
    Type: System.Security.Cryptography.X509Certificates.X509CertificateCollection
    Gets or sets the collection of client certificates to be sent to the server during authentication. If null, no client certificate is sent.

EnabledSslProtocols
    Type: System.Security.Authentication.SslProtocols
    Gets or sets the SSL/TLS protocols that are allowed for the connection. The default is SslProtocols.None, which means the system default protocols are used.

EncryptionPolicy
    Type: System.Net.Security.EncryptionPolicy
    Gets or sets the encryption policy for the SSL/TLS connection. This determines whether the connection can proceed with a certificate that has a weak signature or an expired certificate.

TargetHost
    Type: string
    Gets or sets the target host name of the server. This is used for certificate validation.

CertificateRevocationCheckMode
    Type: System.Security.Cryptography.X509Certificates.X509RevocationMode
    Gets or sets a value that indicates whether revocation checking is performed on the server's certificate.

RemoteCertificateValidationCallback
    Type: System.Net.Security.RemoteCertificateValidationCallback
    Gets or sets a callback delegate that is invoked to validate the server's certificate. This allows for custom validation logic.

Remarks

The SslClientAuthenticationOptions class is used to customize the behavior of SSL/TLS client authentication. It allows developers to specify client certificates, enable specific SSL/TLS protocols, control encryption policies, and provide custom logic for validating the server's certificate.

This class is typically used with System.Net.Security.SslStream (which wraps a System.Net.Sockets.NetworkStream) and, through SocketsHttpHandler.SslOptions, with System.Net.Http.HttpClient to establish secure connections.
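The following is an added example, not part of the original page or of the .NET reference source, showing the same options applied to a raw SslStream over a TcpClient rather than to HttpClient. The host name, port, and the two certificate objects passed in (a client certificate and the single private root the server is expected to chain to) are assumptions for illustration. The validation callback rejects a missing certificate or a host-name mismatch outright and, for chain errors only, rebuilds the chain against the expected private root with online revocation checking, so the callback never becomes an unconditional "return true".

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Added example (not from the page). Assumed inputs: host/port of a TLS server,
// a client certificate with private key, and the private root CA the server
// certificate is expected to chain to.
public static class SslStreamClientExample
{
    public static async Task<string> SendHelloAsync(
        string host, int port, X509Certificate2 clientCert, X509Certificate2 privateRoot)
    {
        using var tcp = new TcpClient();
        await tcp.ConnectAsync(host, port);

        var options = new SslClientAuthenticationOptions
        {
            TargetHost = host,                       // name checked against the server certificate
            ClientCertificates = new X509CertificateCollection { clientCert },
            EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
            EncryptionPolicy = EncryptionPolicy.RequireEncryption,
            CertificateRevocationCheckMode = X509RevocationMode.Online,
            RemoteCertificateValidationCallback =
                (sender, cert, chain, errors) => ValidateServer(cert, chain, errors, privateRoot),
        };

        using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
        // Throws AuthenticationException when the callback returns false or the handshake fails.
        await ssl.AuthenticateAsClientAsync(options);

        byte[] request = Encoding.ASCII.GetBytes("HELLO\n");
        await ssl.WriteAsync(request, 0, request.Length);
        byte[] buffer = new byte[1024];
        int read = await ssl.ReadAsync(buffer, 0, buffer.Length);
        return Encoding.ASCII.GetString(buffer, 0, read);
    }

    // Strict server validation: the only "true" paths are a clean platform result or
    // a chain that verifies against the one root we expect.
    private static bool ValidateServer(
        X509Certificate? certificate, X509Chain? chain, SslPolicyErrors errors, X509Certificate2 privateRoot)
    {
        if (certificate is null || chain is null) return false;
        if (errors == SslPolicyErrors.None) return true;   // OS trust, revocation and name check passed

        // A missing certificate or a host-name mismatch is never acceptable.
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable) ||
            errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
        {
            Console.Error.WriteLine($"TLS rejected: {errors}");
            return false;
        }

        // Only RemoteCertificateChainErrors remains. That can simply mean the server uses a
        // private PKI, so re-verify the presented chain against the expected root instead of
        // the machine store; expired or revoked certificates still fail here.
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Clear();
        chain.ChainPolicy.CustomTrustStore.Add(privateRoot);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;

        using var leaf = new X509Certificate2(certificate);
        bool ok = chain.Build(leaf);
        if (!ok)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine($"chain: {status.Status} {status.StatusInformation}");
        }
        return ok;
    }
}
```

X509ChainTrustMode.CustomRootTrust and X509ChainPolicy.CustomTrustStore require .NET 5 or later; on earlier runtimes the chain-error branch should return false rather than attempt the rebuild.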

Example

The following example demonstrates how to use SslClientAuthenticationOptions to configure client authentication for an HttpClient.

using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class SslClientExample
{
    public static async Task Main(string[] args)
    {
        // SslClientAuthenticationOptions is exposed through SocketsHttpHandler.SslOptions;
        // HttpClientHandler has no SslOptions property.
        var handler = new SocketsHttpHandler();

        // Load a client certificate (replace with your actual certificate path and password)
        X509Certificate2 clientCertificate = new X509Certificate2("path/to/your/client.pfx", "your_password");

        // Configure SSL options
        handler.SslOptions = new SslClientAuthenticationOptions
        {
            // The property is an X509CertificateCollection and is null until assigned,
            // so it must be created here rather than filled with a bare collection initializer.
            ClientCertificates = new X509CertificateCollection { clientCertificate },
            EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
            EncryptionPolicy = EncryptionPolicy.RequireEncryption,
            TargetHost = "your.server.com", // Replace with the actual server host
            CertificateRevocationCheckMode = X509RevocationMode.Online,
            RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
            {
                // Custom validation logic: accept only when the platform checks all passed.
                // Returning true unconditionally would disable server authentication entirely.
                if (sslPolicyErrors == SslPolicyErrors.None)
                {
                    return true; // Certificate is valid
                }

                // Log or handle other errors as needed
                Console.WriteLine($"Certificate validation failed: {sslPolicyErrors}");
                return false; // Certificate is not valid
            }
        };

        using (var httpClient = new HttpClient(handler))
        {
            try
            {
                var response = await httpClient.GetAsync("https://your.server.com/api/data");
                response.EnsureSuccessStatusCode();
                string responseBody = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseBody);
            }
            catch (HttpRequestException e)
            {
                // A rejected server certificate surfaces here with an AuthenticationException inner exception.
                Console.WriteLine($"Request error: {e.Message}");
            }
        }
    }
}

See Also