SslValidationContext Class

Represents the context for SSL/TLS validation. This class provides information about the certificate being validated and allows for customization of the validation process.

Namespace

System.Net.Security

Assembly

System.Net.dll

Inheritance

Remarks

The SslValidationContext class is used in conjunction with the RemoteCertificateValidationCallback delegate. When a secure connection is being established, the .NET Framework invokes this callback, passing an instance of SslValidationContext. This context contains details about the server's certificate, such as its issuer, subject, and expiration date. The callback method can then inspect these properties and decide whether to trust the certificate and allow the connection to proceed.

By default, the .NET Framework performs standard certificate validation. However, you can provide custom validation logic to implement specific security policies, such as checking against a trusted list of certificate authorities or performing additional checks on the certificate's properties.

Fields

No public static fields are exposed by this class.

Constructors

This class has no public constructors.

Properties

Name (Type): Description

Certificate (System.Security.Cryptography.X509Certificates.X509Certificate2): Gets the remote server's certificate.
ChainPolicy (System.Security.Cryptography.X509Certificates.X509ChainPolicy): Gets the certificate chain policy used for validation.
ChainStatus (System.Security.Cryptography.X509Certificates.X509ChainStatus[]): Gets the status of the certificate chain.
PolicyErrors (System.Security.Cryptography.X509Certificates.X509ChainStatusFlags): Gets the policy errors encountered during validation.
RemoteCertificateAsEnum (System.Security.Cryptography.X509Certificates.X509Certificate): Gets the remote server's certificate as an X509Certificate object.
TargetHost (System.String): Gets the target host name for which the certificate is being validated.

Methods

Name: Description

Dispose(): Releases all resources used by the current instance of the SslValidationContext class.
Dispose(Boolean disposing): Releases the unmanaged resources used by the SslValidationContext class and optionally releases the managed resources.

Example

The following example demonstrates how to use the SslValidationContext within a custom RemoteCertificateValidationCallback to perform basic validation checks.

    using System;
    using System.Net;
    using System.Net.Http; // HttpClient, HttpClientHandler, HttpRequestException
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    public class CertificateValidationExample
    {
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            // In a real-world scenario, you would implement more robust validation here.
            // For demonstration, we'll allow connections with minor errors but log them.
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                // Certificate is valid and trusted.
                return true;
            }

            // Log the errors for investigation.
            Console.WriteLine($"Certificate validation errors: {sslPolicyErrors}");

            // Example: Allow if the only error is that the hostname doesn't match,
            // assuming you've performed hostname validation elsewhere or trust it.
            // THIS IS NOT RECOMMENDED FOR PRODUCTION WITHOUT CAREFUL CONSIDERATION.
            if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
            {
                // Further checks could be done here, e.g., checking Subject Alternative Names
                // and comparing against an expected hostname.
                // For this example, we'll allow it with a warning.
                Console.WriteLine("Warning: Remote certificate name mismatch, but proceeding.");
                return true;
            }

            // For any other errors, do not allow the connection.
            return false;
        }

        public static void Main()
        {
            // Example of how to use the callback with an HttpClient
            var handler = new HttpClientHandler();
            handler.ServerCertificateCustomValidationCallback = ValidateServerCertificate;

            using (var client = new HttpClient(handler))
            {
                try
                {
                    // Replace with a URL that uses HTTPS
                    var response = client.GetAsync("https://www.example.com").GetAwaiter().GetResult();
                    response.EnsureSuccessStatusCode();
                    Console.WriteLine("Successfully connected.");
                }
                catch (HttpRequestException e)
                {
                    Console.WriteLine($"Request error: {e.Message}");
                }
            }
        }
    }
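A stricter counterpart to the callback above, added here as an illustration and not part of the original documentation: it rejects every reported policy error, including a name mismatch, and then applies the "trusted list of certificate authorities" check mentioned in the Remarks. The class name StrictCertificateValidation and the fingerprint entry are assumptions; the entry is a placeholder that must be replaced with real values.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class StrictCertificateValidation
{
    // Placeholder (assumption): replace with the SHA-256 fingerprint, in hex, of
    // each root CA certificate your policy trusts.
    private static readonly HashSet<string> TrustedRootFingerprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA256-FINGERPRINT-OF-TRUSTED-ROOT-CA>"
        };

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Reject every error the platform reports, including name mismatch.
        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            Console.WriteLine($"Rejected: {sslPolicyErrors}");
            return false;
        }
        if (certificate == null || chain == null || chain.ChainElements.Count == 0)
            return false;

        // With no policy errors, the last chain element is the root the chain was anchored to.
        X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        string fingerprint = Sha256Hex(root.RawData);
        if (TrustedRootFingerprints.Contains(fingerprint))
            return true;
        Console.WriteLine($"Rejected: root '{root.Subject}' ({fingerprint}) is not on the allow-list.");
        return false;
    }

    private static string Sha256Hex(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }

    public static void Main()
    {
        // Constructed input: a name mismatch is refused before the chain is inspected.
        Console.WriteLine(Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch));
    }
}
```

To use it with the HttpClientHandler from the example above, assign `StrictCertificateValidation.Validate` to `handler.ServerCertificateCustomValidationCallback`.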

Requirements

The SslValidationContext class requires the .NET Framework 4.5 or later.
