MSDN > Library > System.Net.Security > HttpClientCertificateManager.AllowFallbacks Property

HttpClientCertificateManager.AllowFallbacks Property

Declares: System.Net.Security
Assembly: System.Net.Http.dll

Property Value

System.Boolean

true if fallback to the default certificate selection logic is permitted; otherwise, false.

Remarks

When client certificates are required for a connection, and you are not using the default certificate selection mechanism, you can specify a custom certificate provider. If AllowFallbacks is set to true, and your custom provider cannot supply a suitable certificate, the system will attempt to use the default certificate selection logic to find a certificate. If AllowFallbacks is false, and no certificate is supplied by your custom provider, the connection will fail.

This property is particularly useful in scenarios where you want to offer a custom certificate selection experience but still ensure a connection can be established if the custom logic fails or if no specific certificate is mandated.

Requirements

.NET Framework

Supported in: 4.7

.NET Standard

Supported in: 2.1

.NET Core

Supported in: 1.0, 1.1, 2.0, 2.1, 2.2, 3.0, 3.1

.NET

Supported in: 5.0, 6.0, 7.0, 8.0

Example

The following example demonstrates how to configure an HttpClient to use a custom certificate manager with fallback enabled.


using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;

public class CustomCertificateProvider : ICertificateProvider
{
    public X509Certificate2 GetCertificate(string targetHost, System.Security.Cryptography.X509Certificates.X509ChainPolicy chainPolicy, System.Security.Cryptography.X509Certificates.SslProtocols sslProtocol)
    {
        // Custom logic to find a certificate.
        // For demonstration, we'll try to find a specific certificate.
        try
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certificates = store.Certificates.Find(X509FindType.FindBySubjectName, "MyTestClientCert", false);
            store.Close();

            if (certificates.Count > 0)
            {
                Console.WriteLine($"Found custom certificate: {certificates[0].Subject}");
                return certificates[0];
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Error retrieving custom certificate: {ex.Message}");
        }

        Console.WriteLine("Custom certificate provider could not supply a certificate.");
        return null; // Return null if no custom certificate is found.
    }
}

public class Example
{
    public static void Main(string[] args)
    {
        var certificateManager = new HttpClientCertificateManager();
        certificateManager.Provider = new CustomCertificateProvider();
        certificateManager.AllowFallbacks = true; // Enable fallback

        var httpClientHandler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual,
            CertificateManager = certificateManager
        };

        using (var client = new HttpClient(httpClientHandler))
        {
            try
            {
                // This request will attempt to use the custom provider.
                // If the custom provider returns null, and AllowFallbacks is true,
                // the system will try to find a default certificate.
                HttpResponseMessage response = client.GetAsync("https://example.com").GetAwaiter().GetResult();
                response.EnsureSuccessStatusCode();
                Console.WriteLine("Request successful with certificate management.");
            }
            catch (HttpRequestException e)
            {
                Console.WriteLine($"Request error: {e.Message}");
            }
        }
    }
}

See Also