Home > MSDN Library > System.Net > System.Net.Security > ValidationContext

ValidationContext Class

Namespace: System.Net.Security

Assembly: System (in System.dll)

Provides context information for certificate validation.

Content

Fields

SslPolicyErrors Specifies the SSL policy errors that occurred during certificate validation.
CertificateStoreName Specifies the name of the certificate store where the server certificate is located.
CertificateStoreLocation Specifies the location of the certificate store where the server certificate is located.

Properties

TargetHost Gets the name of the server that the client is attempting to authenticate.
Chain Gets the certificate chain.
ChainStatus Gets the status of the certificate chain.
Certificate Gets the server certificate.
UserState Gets or sets user-defined state information.

Methods

ValidationContext Initializes a new instance of the ValidationContext class.

Syntax


                    public sealed class ValidationContext

                    

                    // Fields

                    public readonly System.Security.Cryptography.X509Certificates.X509ChainStatusFlags SslPolicyErrors;

                    public readonly string CertificateStoreName;

                    public readonly System.Security.Cryptography.X509Certificates.StoreLocation CertificateStoreLocation;

                    

                    // Constructors

                    public ValidationContext(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate, string targetHost, System.Security.Cryptography.X509Certificates.X509ChainStatusFlags sslPolicyErrors, string certificateStoreName, System.Security.Cryptography.X509Certificates.StoreLocation certificateStoreLocation, object userState);

                    

                    // Properties

                    public System.Security.Cryptography.X509Certificates.X509Certificate2 Certificate { get; }

                    public System.Security.Cryptography.X509Certificates.X509Chain Chain { get; }

                    public System.Security.Cryptography.X509Certificates.X509ChainStatus[] ChainStatus { get; }

                    public string TargetHost { get; }

                    public object UserState { get; }

Remarks

The ValidationContext class is used by the .NET Framework to provide information to a custom certificate validation callback. When establishing an SSL/TLS connection, the .NET Framework uses a default certificate validation policy. If you need to implement a custom validation policy, you can provide a callback delegate to the RemoteCertificateValidationCallback property of the System.Net.Security.SslClientAuthenticationOptions or System.Net.Security.SslStream class.

The callback delegate receives an instance of ValidationContext, which contains details about the certificate being validated, the target host, and any SSL policy errors that have occurred. This information allows you to determine whether to accept or reject the server's certificate.

The SslPolicyErrors field indicates the nature of any validation failures encountered by the default validation process.

The CertificateStoreName and CertificateStoreLocation fields provide information about where the server's certificate was found, if it was located in a certificate store.

The TargetHost property specifies the hostname of the server to which the client is attempting to connect.

The Chain property returns the certificate chain, and ChainStatus provides an array of X509ChainStatus objects describing the status of each certificate in the chain.

The Certificate property provides the actual server certificate that was presented.

The UserState property can be used to pass custom data between your application and the validation callback.

Example

The following example demonstrates how to use a custom RemoteCertificateValidationCallback to validate an SSL certificate. In this example, we simply accept any certificate for demonstration purposes, but in a real-world scenario, you would implement more robust validation logic.

                
using System;

using System.Net.Security;

using System.Net.Sockets;

using System.Security.Cryptography.X509Certificates;

using System.Threading.Tasks;

public class CustomCertificateValidation

{

    public static async Task ConnectWithCustomValidation(string host, int port)

    {

        try

        {

            TcpClient client = new TcpClient(host, port);

            // Create an SslStream using the network stream.

            SslStream sslStream = new SslStream(

                client.GetStream(),

                false,

                new RemoteCertificateValidationCallback(ValidateServerCertificate),

                null);

            // The server certificate validation service is asynchronous.

            await sslStream.AuthenticateAsClientAsync(host);

            Console.WriteLine("SSL connection established.");

            // ... perform communication over sslStream ...

            sslStream.Close();

            client.Close();

        }

        catch (Exception ex)

        {

            Console.WriteLine($"Connection failed: {ex.Message}");

        }

    }

    // Custom certificate validation callback.

    public static bool ValidateServerCertificate(

        object sender,

        X509Certificate? certificate,

        X509Chain? chain,

        SslPolicyErrors sslPolicyErrors)

    {

        // In this example, we always return true. Otherwise, we would

        // check the sslPolicyErrors and the certificate chain.

        // For a real-world application, you should implement proper validation logic here.

        Console.WriteLine($"SSL Policy Errors: {sslPolicyErrors}");

        Console.WriteLine($"Certificate: {certificate?.Subject}");

        if (sslPolicyErrors == SslPolicyErrors.None)

        {

            return true; // Certificate is valid.

        }

        // In a real-world scenario, you would inspect the errors and potentially

        // the chain to decide whether to trust the certificate.

        // For example, you might check if the errors are expected or if the certificate

        // is issued by a trusted root authority.

        // For demonstration purposes, we'll return true even if there are errors, but log them.

        // WARNING: Do not do this in production code!

        return true;

    }

}