RemoteCertificateValidationCallback Delegato
Definizione
Importante
Alcune informazioni sono relative alla release non definitiva del prodotto, che potrebbe subire modifiche significative prima della release definitiva. Microsoft non riconosce alcuna garanzia, espressa o implicita, in merito alle informazioni qui fornite.
Verifica il certificato SSL (Secure Sockets Layer) remoto utilizzato per l'autenticazione.
public delegate bool RemoteCertificateValidationCallback(System::Object ^ sender, X509Certificate ^ certificate, X509Chain ^ chain, SslPolicyErrors sslPolicyErrors);
public delegate bool RemoteCertificateValidationCallback(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors);
public delegate bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
type RemoteCertificateValidationCallback = delegate of obj * X509Certificate * X509Chain * SslPolicyErrors -> bool
Public Delegate Function RemoteCertificateValidationCallback(sender As Object, certificate As X509Certificate, chain As X509Chain, sslPolicyErrors As SslPolicyErrors) As Boolean
Parametri
- sender
- Object
Oggetto contenente le informazioni di stato per la convalida.
- certificate
- X509Certificate
Certificato utilizzato per autenticare la parte remota.
- chain
- X509Chain
Catena di autorità di certificazione associate al certificato remoto.
- sslPolicyErrors
- SslPolicyErrors
Uno o più errori associati al certificato remoto.
Valore restituito
Valore Boolean che determina se il certificato specificato è accettato per l'autenticazione.
Esempio
Nell'esempio di codice seguente viene implementato un metodo richiamato da un'istanza della RemoteCertificateValidationCallback classe. Se sono presenti errori di convalida, questo metodo li visualizza e restituisce false
, che impedisce la comunicazione con il server non autenticato.
// Load a table of errors that might cause
// the certificate authentication to fail.
static void InitializeCertificateErrors()
{
certificateErrors->Add(0x800B0101,
"The certification has expired.");
certificateErrors->Add(0x800B0104,
"A path length constraint "
"in the certification chain has been violated.");
certificateErrors->Add(0x800B0105,
"A certificate contains an unknown extension "
"that is marked critical.");
certificateErrors->Add(0x800B0107,
"A parent of a given certificate in fact "
"did not issue that child certificate.");
certificateErrors->Add(0x800B0108,
"A certificate is missing or has an empty value "
"for a necessary field.");
certificateErrors->Add(0x800B0109,
"The certificate root is not trusted.");
certificateErrors->Add(0x800B010C,
"The certificate has been revoked.");
certificateErrors->Add(0x800B010F,
"The name in the certificate does not not match "
"the host name requested by the client.");
certificateErrors->Add(0x800B0111,
"The certificate was explicitly marked "
"as untrusted by the user.");
certificateErrors->Add(0x800B0112,
"A certification chain processed correctly, "
"but one of the CA certificates is not trusted.");
certificateErrors->Add(0x800B0113,
"The certificate has an invalid policy.");
certificateErrors->Add(0x800B0114,
"The certificate name is either not "
"in the permitted list or is explicitly excluded.");
certificateErrors->Add(0x80092012,
"The revocation function was unable to check "
"revocation for the certificate.");
certificateErrors->Add(0x80090327,
"An unknown error occurred while "
"processing the certificate.");
certificateErrors->Add(0x80096001,
"A system-level error occurred "
"while verifying trust.");
certificateErrors->Add(0x80096002,
"The certificate for the signer of the message "
"is invalid or not found.");
certificateErrors->Add(0x80096003,
"One of the counter signatures was invalid.");
certificateErrors->Add(0x80096004,
"The signature of the certificate "
"cannot be verified.");
certificateErrors->Add(0x80096005,
"The time stamp signature or certificate "
"could not be verified or is malformed.");
certificateErrors->Add(0x80096010,
"The digital signature of the object "
"was not verified.");
certificateErrors->Add(0x80096019,
"The basic constraint extension of a certificate "
"has not been observed.");
}
static String^ CertificateErrorDescription(UInt32 problem)
{
// Initialize the error message dictionary
// if it is not yet available.
if (certificateErrors->Count == 0)
{
InitializeCertificateErrors();
}
String^ description = safe_cast<String^>(
certificateErrors[problem]);
if (description == nullptr)
{
description = String::Format(
CultureInfo::CurrentCulture,
"Unknown certificate error - 0x{0:x8}",
problem);
}
return description;
}
public:
// The following method is invoked
// by the CertificateValidationDelegate.
static bool ValidateServerCertificate(
Object^ sender,
X509Certificate^ certificate,
X509Chain^ chain,
SslPolicyErrors sslPolicyErrors)
{
Console::WriteLine("Validating the server certificate.");
if (sslPolicyErrors == SslPolicyErrors::None)
return true;
Console::WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
Nell'esempio di codice seguente viene creato il delegato usando il metodo definito nell'esempio di codice precedente.
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient^ client = gcnew TcpClient(machineName, 5000);
Console::WriteLine("Client connected.");
// Create an SSL stream that will close
// the client's stream.
SslStream^ sslStream = gcnew SslStream(
client->GetStream(), false,
gcnew RemoteCertificateValidationCallback(ValidateServerCertificate),
nullptr);
// The server name must match the name
// on the server certificate.
try
{
sslStream->AuthenticateAsClient(serverName);
}
catch (AuthenticationException^ ex)
{
Console::WriteLine("Exception: {0}", ex->Message);
if (ex->InnerException != nullptr)
{
Console::WriteLine("Inner exception: {0}",
ex->InnerException->Message);
}
Console::WriteLine("Authentication failed - "
"closing the connection.");
sslStream->Close();
client->Close();
return;
}
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName,5000);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback (ValidateServerCertificate),
null
);
// The server name must match the name on the server certificate.
try
{
sslStream.AuthenticateAsClient(serverName);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine ("Authentication failed - closing the connection.");
client.Close();
return;
}
Commenti
L'argomento del sslPolicyErrors
delegato contiene eventuali errori di certificato restituiti da SSPI durante l'autenticazione del client o del server. Il Boolean valore restituito dal metodo richiamato da questo delegato determina se l'autenticazione può avere esito positivo.
Questo delegato viene usato con la SslStream classe .
Metodi di estensione
GetMethodInfo(Delegate) |
Ottiene un oggetto che rappresenta il metodo rappresentato dal delegato specificato. |