Tmsch_CredentialValidationCallback Delegate

Represents the method that will handle the validation of credentials provided by a client or server.

Syntax

public delegate bool Tmsch_CredentialValidationCallback(
    string targetName,
    System.Security.Cryptography.X509Certificates.X509Certificate certificate,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    System.Net.Security.SslPolicyErrors sslPolicyErrors
);

Parameters

Parameter Description
targetName The name of the server or client to validate credentials against.
certificate The X.509 certificate used for authentication.
chain The X.509 certificate chain associated with the client or server certificate.
sslPolicyErrors A bitwise combination of the enumeration values that specify errors encountered during the server or client certificate validation.

Return Value

true if the credentials are valid; otherwise, false.

Remarks

The Tmsch_CredentialValidationCallback delegate is used by the SslStream class to validate client and server certificates.

When establishing an SSL/TLS connection, the SslStream may require a callback method to perform custom credential validation.

  • On the client side (the stream authenticates as a client), the delegate is invoked to validate the server's certificate.
  • On the server side (the stream authenticates as a server), the delegate is invoked to validate the client's certificate.

The sslPolicyErrors parameter provides information about any errors that occurred during the default validation process. Your callback method can use this information, along with the provided certificate and chain, to implement custom validation logic.

If your callback method returns true, the connection is allowed to proceed. If it returns false, the connection is terminated.

Note

It is crucial to implement robust validation logic within your callback method to ensure the security of your application. Never blindly trust certificates or ignore policy errors without proper consideration.
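The following is an added example, not part of the original page, showing the two ends of the spectrum the note describes: a callback that accepts everything (the pattern to avoid) next to a hardened callback that rejects every policy error, logs the chain status for diagnosis, and additionally pins the leaf certificate to an expected thumbprint. It follows the delegate signature above; the ExpectedThumbprint value is a constructed placeholder.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class CertificateValidation
{
    // Constructed placeholder: SHA-1 thumbprint (hex) of the leaf certificate
    // this client expects. Take the real value from the known-good certificate.
    private const string ExpectedThumbprint = "0000000000000000000000000000000000000000";

    // Insecure pattern: every certificate is accepted, so policy errors and a
    // forged certificate presented by an on-path attacker go unnoticed.
    public static bool AcceptAnything(string targetName, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors) => true;

    // Hardened callback: reject every policy error, log why the chain failed,
    // and pin the leaf certificate to a known thumbprint on top of chain trust.
    public static bool ValidatePinned(string targetName, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (certificate == null)
        {
            Console.WriteLine($"{targetName}: no certificate presented.");
            return false;
        }

        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && chain != null)
        {
            // Surface each chain status so an operator can tell an expired
            // intermediate from an untrusted root when reading the log.
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                Console.WriteLine($"{targetName}: chain error {status.Status}: {status.StatusInformation}");
            }
        }

        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            Console.WriteLine($"{targetName}: rejected, policy errors = {sslPolicyErrors}");
            return false;
        }

        // Even a chain the OS store trusts must be the certificate we expect.
        string thumbprint = certificate.GetCertHashString();
        bool pinned = string.Equals(thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
        if (!pinned) Console.WriteLine($"{targetName}: pin mismatch, got {thumbprint}");
        return pinned;
    }
}
```

Pinning to a single thumbprint means the pin must be rotated together with the certificate; keep the expected value in configuration rather than in source for anything beyond a demonstration.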

Example

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

public class SslClientExample
{
    // The parameter types must match the delegate exactly: the certificate
    // parameter is X509Certificate, not X509Certificate2, otherwise the method
    // cannot be bound to the validation delegate.
    public static bool ValidateServerCertificate(
        string targetHost,
        X509Certificate serverCertificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // In a production environment, you would perform more rigorous validation.
        // For example, check if the certificate is trusted, not expired, etc.

        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            // Certificate passed the default validation.
            return true;
        }

        Console.WriteLine("Certificate error: " + sslPolicyErrors);

        // Do not allow this particular socket to continue when there are
        // trust validity errors.
        return false;
    }

    public static void Main(string[] args)
    {
        // This is a simplified example and requires a TLS server listening on
        // localhost:12345. The focus is on demonstrating the callback signature.
        try
        {
            using (TcpClient client = new TcpClient("localhost", 12345))
            using (SslStream sslStream = new SslStream(
                client.GetStream(),
                false,
                new RemoteCertificateValidationCallback(ValidateServerCertificate),
                null)) // No client certificate selection callback
            {
                // The constructor only registers the callback. The handshake, and
                // with it the callback, runs when AuthenticateAsClient is called;
                // the host name passed here is the name the certificate is
                // validated against.
                sslStream.AuthenticateAsClient("localhost");

                Console.WriteLine("SSL handshake completed.");

                // Proceed with secure communication...
            }
        }
        catch (Exception ex)
        {
            // A rejected certificate surfaces here as an AuthenticationException.
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }
}

Requirements

Namespace: System.Net.Security

Assembly: System.Net.Security.dll

See Also