HttpClientHandler.ServerCertificateCustomValidationCallback Property

Definition

Gets or sets a callback method to validate the server certificate.

[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public Func<System.Net.Http.HttpRequestMessage,System.Security.Cryptography.X509Certificates.X509Certificate2?,System.Security.Cryptography.X509Certificates.X509Chain?,System.Net.Security.SslPolicyErrors,bool>? ServerCertificateCustomValidationCallback { get; set; }
public Func<System.Net.Http.HttpRequestMessage,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Chain,System.Net.Security.SslPolicyErrors,bool> ServerCertificateCustomValidationCallback { get; set; }

Property Value

A callback method to validate the server certificate.

Attributes

Examples

The following code example displays the server certificate.

static async Task Main()
{
    // Create an HttpClientHandler object and set to use default credentials
    HttpClientHandler handler = new HttpClientHandler();

    // Set custom server validation callback
    handler.ServerCertificateCustomValidationCallback = ServerCertificateCustomValidation;

    // Create an HttpClient object
    HttpClient client = new HttpClient(handler);

    // Call asynchronous network methods in a try/catch block to handle exceptions
    try
    {
        HttpResponseMessage response = await client.GetAsync("https://zcusa.951200.xyz/");

        response.EnsureSuccessStatusCode();

        string responseBody = await response.Content.ReadAsStringAsync();
        Console.WriteLine($"Read {responseBody.Length} characters");
    }
    catch (HttpRequestException e)
    {
        Console.WriteLine("\nException Caught!");
        Console.WriteLine($"Message: {e.Message} ");
    }

    // Need to call dispose on the HttpClient and HttpClientHandler objects
    // when done using them, so the app doesn't leak resources
    handler.Dispose();
    client.Dispose();
}

private static bool ServerCertificateCustomValidation(HttpRequestMessage requestMessage, X509Certificate2? certificate, X509Chain? chain, SslPolicyErrors sslErrors)
{
    // It is possible to inspect the certificate provided by the server.
    Console.WriteLine($"Requested URI: {requestMessage.RequestUri}");
    Console.WriteLine($"Effective date: {certificate?.GetEffectiveDateString()}");
    Console.WriteLine($"Exp date: {certificate?.GetExpirationDateString()}");
    Console.WriteLine($"Issuer: {certificate?.Issuer}");
    Console.WriteLine($"Subject: {certificate?.Subject}");

    // Based on the custom logic it is possible to decide whether the client considers certificate valid or not
    Console.WriteLine($"Errors: {sslErrors}");
    return sslErrors == SslPolicyErrors.None;
}

Remarks

The ServerCertificateCustomValidationCallback can be used to obtain and validate the server certificate.

Applies to

Product Versions
.NET Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9
.NET Framework 4.7.1, 4.7.2, 4.8, 4.8.1
.NET Standard 1.3, 1.4, 1.6, 2.0, 2.1