ICertificatePolicy Interface

Represents a custom certificate policy that can be used to validate an X.509 certificate.

Namespace

Syntax

public interface ICertificatePolicy

Remarks

The ICertificatePolicy interface allows you to specify how your application handles security certificate validation errors. By default, .NET Framework applications trust all certificates that are issued by a trusted certificate authority. If you need to implement custom logic for certificate validation, you can create a class that implements ICertificatePolicy and assign an instance of your class to the System.Net.ServicePointManager.CertificatePolicy property.

This is particularly useful in scenarios where you are dealing with self-signed certificates or certificates from internal certificate authorities that are not recognized by the default trust store.

Methods

CheckValidationResult

bool CheckValidationResult( ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem )
Parameters
srvPoint

A ServicePoint object associated with the request.

certificate

An X509Certificate object representing the server's certificate.

request

A WebRequest object representing the client's request.

certificateProblem

An integer representing the reason for the certificate validation failure. For a list of possible values, see System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.

Returns
true if the certificate is trusted; otherwise, false.

This method is called by the .NET Framework when a certificate validation error occurs. Your implementation should inspect the parameters, particularly the certificateProblem, to determine whether to trust the certificate.

Important: Implementing a custom certificate policy can have security implications. Ensure that your policy correctly validates certificates to prevent man-in-the-middle attacks or other security vulnerabilities. Avoid blindly trusting all certificates.

Requirements

Namespace
System.Net.Security
Assembly
System.dll

Example

using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public class TrustAllCertificatesPolicy : ICertificatePolicy
{
    public bool CheckValidationResult(
        ServicePoint srvPoint,
        X509Certificate certificate,
        WebRequest request,
        int certificateProblem)
    {
        // In a real application, you would implement robust certificate validation logic here.
        // For demonstration purposes, this policy trusts all certificates.
        return true;
    }
}

public class Example
{
    public static void Main(string[] args)
    {
        // Set the custom certificate policy
        ServicePointManager.CertificatePolicy = new TrustAllCertificatesPolicy();

        try
        {
            WebClient client = new WebClient();
            // Replace with a URL that might have certificate issues
            string result = client.DownloadString("https://example.com");
            Console.WriteLine("Download successful!");
            Console.WriteLine(result.Substring(0, Math.Min(result.Length, 200)) + "...");
        }
        catch (Exception ex)
        {
            Console.WriteLine("An error occurred: " + ex.Message);
        }
    }
}
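For contrast with the trust-all policy, the following added example (not part of the original documentation) shows a policy that follows the Important note above: it overrides a validation failure only for an allow-listed host whose certificate matches a pinned SHA-256 fingerprint, and rejects everything else. The class name, host name and fingerprint are placeholders, and treating a certificateProblem of 0 as "no problem reported" is an assumption of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: hypothetical pinning policy for a self-signed or internal-CA certificate.
public class PinnedCertificatePolicy : ICertificatePolicy
{
    // Host -> SHA-256 of the DER-encoded certificate, as hex. Placeholder values:
    // replace with the fingerprint of the certificate you actually deployed.
    private static readonly Dictionary<string, string> Pins =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "internal.example.test", "<SHA256-FINGERPRINT-HEX-PLACEHOLDER>" }
        };

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem)
    {
        // Assumption: 0 means the platform reported no problem, so keep the default result.
        if (certificateProblem == 0) return true;

        // Fail closed when there is nothing to inspect.
        if (certificate == null || request == null) return false;

        // Only hosts that were explicitly pinned may override a validation failure.
        string host = request.RequestUri.Host;
        string expected;
        if (!Pins.TryGetValue(host, out expected)) return false;

        // Fingerprint the exact certificate the server presented.
        string actual;
        using (SHA256 sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            actual = BitConverter.ToString(hash).Replace("-", "");
        }

        bool match = string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
        if (!match)
        {
            // Log rejections so an unexpected certificate is visible to operators.
            Console.Error.WriteLine("Rejected certificate for {0}: problem 0x{1:X8}, fingerprint {2}",
                                    host, certificateProblem, actual);
        }
        return match;
    }
}
```

Register it the same way as the policy above, with ServicePointManager.CertificatePolicy = new PinnedCertificatePolicy(); the pin must be updated whenever the pinned certificate is reissued.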