SslClientAuthenticationOptions Class

Represents the options used to configure client authentication for SSL/TLS connections.

This class allows you to specify various settings for how a client should authenticate itself when establishing an SSL/TLS connection. This includes details about certificates, supported encryption protocols, and how to handle certificate validation.

Namespace

System.Net.Security

Assembly

System.Net.Primitives.dll

Syntax

public sealed class SslClientAuthenticationOptions

Remarks

When establishing a secure connection using SSL/TLS, the client needs to authenticate itself to the server. The SslClientAuthenticationOptions class provides a comprehensive set of properties to control this authentication process. You can use these options to:

  • Specify the client's certificate for authentication.
  • Define the acceptable client certificate issuers.
  • Configure the target host for certificate validation.
  • Set the SSL/TLS protocol versions that the client will support.
  • Provide a callback function for custom certificate validation logic.

These options are typically passed to methods like SslStream.AuthenticateAsClientAsync to customize the client's SSL/TLS handshake behavior.

Examples

Basic Client Authentication

This example demonstrates how to create and configure SslClientAuthenticationOptions for a basic client authentication scenario.

C#
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Assume you have an open network stream named 'stream' connected to the target host

var sslOptions = new SslClientAuthenticationOptions
{
    TargetHost = "example.com",
    ClientCertificates = null, // Or provide a specific client certificate
    EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13,
    RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
    {
        // Accept the certificate only when the default chain and host name checks
        // reported no errors; self-signed or otherwise untrusted certificates are rejected.
        if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
            return true;

        Console.WriteLine($"Certificate validation failed: {sslPolicyErrors}");
        return false;
    }
};

// Use sslOptions when calling SslStream.AuthenticateAsClientAsync
// var sslStream = new SslStream(stream);
// await sslStream.AuthenticateAsClientAsync(sslOptions);
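
A stricter configuration for a client that presents its own certificate (mutual TLS), using the revocation and renegotiation properties listed under Properties. This is an added example, not part of the original documentation; the host name, port, PFX path and the MTLS_PFX_PASSWORD environment variable are placeholder assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Placeholder values (assumptions for this example, not from the documentation).
const string host = "example.com";
const int port = 443;
const string pfxPath = "client.pfx";
string? pfxPassword = Environment.GetEnvironmentVariable("MTLS_PFX_PASSWORD");

// Client certificate with its private key; sent only if the server requests one.
// (.NET 9 and later prefer X509CertificateLoader.LoadPkcs12FromFile.)
using var clientCert = new X509Certificate2(pfxPath, pfxPassword);

var options = new SslClientAuthenticationOptions
{
    // Name sent in SNI and matched against the server certificate.
    TargetHost = host,
    ClientCertificates = new X509CertificateCollection { clientCert },
    EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
    // Check revocation status online while building the server's chain.
    CertificateRevocationCheckMode = X509RevocationMode.Online,
    AllowRenegotiation = false,
    RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
    {
        if (errors == SslPolicyErrors.None)
            return true;

        // Fail closed, but record why so the rejection can be diagnosed.
        Console.Error.WriteLine($"Rejected server certificate: {errors}");
        if (chain is not null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine($"  {status.Status}: {status.StatusInformation.Trim()}");
        }
        return false;
    }
};

using var tcp = new TcpClient();
await tcp.ConnectAsync(host, port);
using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
await ssl.AuthenticateAsClientAsync(options);

Console.WriteLine($"Negotiated {ssl.SslProtocol}; mutually authenticated: {ssl.IsMutuallyAuthenticated}");
```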

Properties

| Name | Description | Type |
| --- | --- | --- |
| ClientCertificates | Gets or sets a collection of client certificates used to authenticate the client. | X509CertificateCollection |
| EnabledSslProtocols | Gets or sets the enabled SSL/TLS protocols. | System.Security.Authentication.SslProtocols |
| RemoteCertificateValidationCallback | Gets or sets a callback delegate that is used to validate the server's certificate. | RemoteCertificateValidationCallback |
| TargetHost | Gets or sets the target host name for SSL/TLS authentication. | string |
| CertificateRevocationCheckMode | Gets or sets the certificate revocation check mode for validating the server certificate. | System.Security.Cryptography.X509Certificates.X509RevocationMode |
| AllowRenegotiation | Gets or sets a value that indicates whether SSL/TLS renegotiation is allowed. | bool |

Methods

This class does not expose public methods beyond standard object methods.
