ValidationCallback Delegate

Namespace: System.Net.Security

Delegate Declaration

```csharp
public delegate bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
```

Remarks

The ValidationCallback delegate is used to specify a callback method that determines whether the remote server's certificate is trusted.

When an SSL/TLS connection is established using System.Net.Security.SslStream, the server presents its certificate to the client. This delegate provides a way for the client application to customize the certificate validation process, allowing for scenarios such as using self-signed certificates or certificates from private certificate authorities.

If the callback method returns true, the certificate is considered valid, and the connection proceeds. If it returns false, the connection is aborted.
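The two scenarios named above (a self-signed certificate and a private certificate authority) can be handled without ignoring sslPolicyErrors wholesale. The following is an added example, not code from the original page: it builds callbacks that accept a certificate only when it matches an explicit expectation, always rejecting a hostname mismatch. The `StrictValidation` class, the `expectedSha256Hex` value and the `privateRoot` certificate are assumptions supplied by the caller; the chain-building APIs (`X509ChainTrustMode.CustomRootTrust`, `CustomTrustStore`, `SHA256.HashData`, `Convert.FromHexString`) require .NET 5 or later.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the original page): validation callbacks that narrow
// the exception to one known leaf certificate or one known private root.
public static class StrictValidation
{
    // Accept only the exact leaf certificate whose SHA-256 fingerprint is known.
    // expectedSha256Hex is assumed to come from the application's configuration.
    public static RemoteCertificateValidationCallback ForPinnedLeaf(string expectedSha256Hex)
    {
        byte[] expected = Convert.FromHexString(expectedSha256Hex);
        return (sender, certificate, chain, errors) =>
        {
            if (certificate == null) return false;
            // A hostname mismatch is never acceptable, even for a pinned certificate.
            if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;
            byte[] actual = SHA256.HashData(certificate.GetRawCertData());
            // Constant-time comparison so the check does not leak how many bytes matched.
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        };
    }

    // Accept certificates that chain to a private root the application ships itself.
    // The chain is rebuilt against that root instead of the machine trust store.
    public static RemoteCertificateValidationCallback ForPrivateRoot(X509Certificate2 privateRoot)
    {
        return (sender, certificate, chain, errors) =>
        {
            if (certificate == null) return false;
            if (errors == SslPolicyErrors.None) return true;
            if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;
            if ((errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) return false;

            // Only RemoteCertificateChainErrors remain: rebuild the chain against the private root.
            using var leaf = new X509Certificate2(certificate);
            using var custom = new X509Chain();
            custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            custom.ChainPolicy.CustomTrustStore.Add(privateRoot);

            // Reuse the intermediates the server sent so a private sub-CA resolves offline.
            if (chain != null)
            {
                foreach (X509ChainElement element in chain.ChainElements)
                {
                    custom.ChainPolicy.ExtraStore.Add(element.Certificate);
                }
            }

            // Assumption: the private CA publishes no CRL or OCSP responder.
            // Switch to X509RevocationMode.Online if it does.
            custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            custom.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            // Build succeeds only if the chain terminates at privateRoot and every
            // certificate in it is within its validity period.
            return custom.Build(leaf);
        };
    }
}
```

Either callback is passed to the SslStream constructor in place of a hand-written method, for example `new SslStream(stream, false, StrictValidation.ForPrivateRoot(privateRoot), null)`. Both callbacks fail closed: any error other than the one they are designed to handle, and any hostname mismatch, results in false and the connection is aborted.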

Parameters

sender: The SslStream that is validating the certificate.

certificate: The certificate the remote server presented during the handshake.

chain: The X509Chain the runtime built for the server certificate, including any intermediates the server supplied.

sslPolicyErrors: One or more SslPolicyErrors flags describing the problems the runtime found (chain errors, hostname mismatch, or no certificate available); SslPolicyErrors.None means the certificate passed all built-in checks.

Return Value

true if the certificate is considered valid; otherwise, false.

Example

The following example demonstrates how to supply a custom ValidationCallback to SslStream. The callback accepts the server certificate only when sslPolicyErrors is SslPolicyErrors.None; otherwise it logs the error and rejects the connection. The comments mark where a testing or development environment could relax the check for a self-signed certificate. **Note:** Relaxing the check is not recommended for production environments due to security risks.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class SslClientExample
{
    public static async Task ConnectAsync(string host, int port)
    {
        using (var client = new TcpClient())
        {
            await client.ConnectAsync(host, port);

            // The custom callback runs after the server presents its certificate.
            using (var sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
            {
                try
                {
                    // Authenticate the client; host is also used for the hostname check.
                    await sslStream.AuthenticateAsClientAsync(host);

                    // Handle communication...
                    Console.WriteLine("SSL connection established.");
                }
                catch (Exception ex)
                {
                    Console.WriteLine($"Authentication failed: {ex.Message}");
                }
            }
        }
    }

    // Custom validation callback
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // The runtime has already checked the chain, expiration date, and hostname;
        // SslPolicyErrors.None means all of those checks passed.
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true; // Certificate is valid.
        }

        Console.WriteLine($"Certificate error: {sslPolicyErrors}");

        // To allow a self-signed certificate for testing (NOT recommended for production),
        // inspect the certificate details here and return true only if it meets specific criteria.
        // For example:
        // if (certificate.Subject.Contains("MyTestCompany")) return true;

        return false; // Certificate is not valid.
    }

    public static async Task Main(string[] args)
    {
        // Replace with a valid host and port
        await ConnectAsync("example.com", 443);
    }
}
```

See Also