RemoteCertificateCallback Delegate
Represents the method that will handle the validation of a remote certificate.
Syntax
public delegate bool RemoteCertificateCallback(
    object sender,
    System.Security.Cryptography.X509Certificates.X509Certificate certificate,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    System.Net.Security.SslPolicyErrors sslPolicyErrors
);
Parameters
sender: The object that initiated the callback.
certificate: The certificate used to authenticate the remote party.
chain: The chain of certificates associated with the certificate.
sslPolicyErrors: One or more errors associated with the certificate.
Return Value
true if the certificate is trusted; otherwise, false.
Remarks
The RemoteCertificateCallback delegate is used by the
System.Net.Security.SslStream.AuthenticateAsClient method. When
a client connects to a server, it receives a server certificate. The
RemoteCertificateCallback delegate is invoked to validate this
certificate.
If your application needs to establish a secure connection to a server that
does not present a trusted certificate, you can implement a
RemoteCertificateCallback delegate that inspects the certificate
and decides whether to trust it. For example, you might want to trust a
self-signed certificate in a development environment.
The sslPolicyErrors parameter provides information about any
errors that occurred during the certificate validation process. It is
important to examine these errors to ensure that you are not accepting
a malicious certificate.
In most production scenarios, it is recommended to rely on the default certificate validation provided by the .NET Framework, which checks against the trusted root certificate authorities installed on the system. Customizing this callback should be done with caution and a thorough understanding of the security implications.
Example
The following example demonstrates how to create a
RemoteCertificateCallback delegate that always returns
true, effectively disabling certificate validation.
This is generally not recommended for production environments.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public class CertificateValidation
{
    // This callback method will always return true, bypassing certificate validation.
    // Use with extreme caution, as it poses a security risk.
    public static bool TrustAllCertificatesCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // In a real-world scenario, you would inspect certificate and sslPolicyErrors
        // to make an informed decision about trusting the certificate.
        // For demonstration purposes, we are always returning true.
        Console.WriteLine("Certificate validation bypassed. Trusting all certificates.");
        return true;
    }

    public static void Main(string[] args)
    {
        // Example usage (conceptual):
        // SslStream sslStream = new SslStream(networkStream, false, new RemoteCertificateCallback(TrustAllCertificatesCallback));
        // sslStream.AuthenticateAsClient("your.server.com");
    }
}
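For contrast with the trust-all callback above, the following added example (not part of the original documentation) inspects sslPolicyErrors and the certificate as the Remarks describe, accepting a self-signed development certificate only when it matches a pinned SHA-256 hash. The class name, method names and the PinnedSha256 placeholder are assumptions made for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidation
{
    // Placeholder (assumption): SHA-256 of the development server's DER-encoded
    // certificate, written as hex. Replace with the real value for your server.
    private const string PinnedSha256 = "<SHA256-HEX-OF-DEV-CERTIFICATE>";

    // Matches the callback signature shown in the Syntax section, so it can be
    // passed as the validation callback argument of the SslStream constructor, e.g.
    // new SslStream(networkStream, false, PinnedCertificateValidation.ValidateServerCertificate)
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Default validation succeeded: the chain builds to a trusted root
        // and the certificate name matches the requested host.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // A missing certificate or a host name mismatch is never accepted.
        // Only the case where a chain error is the sole problem continues.
        if (certificate == null ||
            sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // A chain error alone is what a self-signed certificate produces.
        // Accept it only when it is exactly the certificate pinned above.
        return string.Equals(Sha256Hex(certificate), PinnedSha256,
            StringComparison.OrdinalIgnoreCase);
    }

    // Hashes the raw DER bytes of the certificate and returns hex without separators.
    private static string Sha256Hex(X509Certificate certificate)
    {
        using (SHA256 sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }
}
```

Because the placeholder never equals a real hash, the callback rejects every untrusted certificate until a pin is configured.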
Requirements
Client: Supports Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2.
Server: Supports Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2.
Namespace: System.Net.Security
Assembly: System (in System.dll)
.NET Framework versions: Available in the following versions: 1.0, 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8