I'm using the following code to make sure all certificates pass, even invalid ones, but I would like to know if there is a better way, as this event gets called globally and I only want the certificate to pass for a certain HTTP call and not for any others that are happening asynchronously.

// This delegate makes sure that non-validating SSL certificates are passed
ServicePointManager.ServerCertificateValidationCallback = delegate(object certsender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
   return true;
};

The code above is just an example of ignoring any non-validation on the certificate. The problem that I'm having is that it is a global event. I can't see which session the event is happening for. I might have a couple of HTTP requests going through, and I want to ask the user for an action for each request.

+1  A: 

Well, you could actually bother to check some of those parameters. ;) For instance, if you have a self-signed certificate, then only let error == SslPolicyErrors.RemoteCertificateChainErrors through. You could also check the issuer, name, etc. on the certificate itself for additional security.

Mark Brackett
+1  A: 

What about the certsender argument? Does it contain anything sensible so that you can tell what connection the callback is happening for? I checked the .NET API but it doesn't say what the argument is supposed to contain...

Alexander
Funny enough, I thought I did check it, but I went back because of this post and yes, certsender is actually the HttpRequest object, which helps immensely. Thanks for making me check again ;)
Mladen Mihajlovic
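
The two answers combined, as an added example that is not code from the original posts: the global callback keeps normal validation for every request, and relaxes it only for a request that was explicitly opted in, only for a chain error, and only for one pinned certificate. The names ScopedCertValidation and CreatePinned and the SHA-256 pin are hypothetical, and the code assumes the sender argument is the HttpWebRequest, as the last comment reports.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ScopedCertValidation   // hypothetical helper, not from the page
{
    // Opted-in requests mapped to the SHA-256 (hex) of the one certificate each
    // may accept. Weak keys: entries disappear when the request is collected.
    static readonly ConditionalWeakTable<HttpWebRequest, string> Pinned =
        new ConditionalWeakTable<HttpWebRequest, string>();

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static HttpWebRequest CreatePinned(string url, string sha256Hex)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        Pinned.Add(request, sha256Hex);
        return request;
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that validate normally pass for every request.
        if (errors == SslPolicyErrors.None) return true;

        // Anything else fails unless this exact request was opted in.
        var request = sender as HttpWebRequest;
        string expected;
        if (request == null || cert == null ||
            !Pinned.TryGetValue(request, out expected)) return false;

        // Tolerate an untrusted chain (self-signed) only; a name mismatch
        // or a missing certificate still fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // The presented certificate must be the pinned one, byte for byte.
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(
                sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

On .NET Framework 4.5 and later, HttpWebRequest also exposes its own ServerCertificateValidationCallback property, which scopes the callback to a single request without touching the global one.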