 

C# Visual Studio 2015: IWebProxy certificate validation

I'm trying to create a C# proxy DLL that allows VS2015 Community, on my offline workstation, to access the internet through a corporate HTTP proxy with authentication.

Following the instructions in this MSDN blog post, I'm able to connect Visual Studio to HTTP pages in this way:

using System;
using System.Net;

namespace VSProxy
{
    public class AuthProxyModule : IWebProxy
    {
        // Credentials sent to the corporate proxy.
        ICredentials credential = new NetworkCredential("user", "password");

        public ICredentials Credentials
        {
            get
            {
                return credential;
            }
            set
            {
                credential = value;
            }
        }

        public Uri GetProxy(Uri destination)
        {
            // Accepts every server certificate, process-wide (no validation is performed).
            ServicePointManager.ServerCertificateValidationCallback = (Header, Cer, Claim, SslPolicyErrors) => true;
            return new Uri("http://128.16.0.123:1234", UriKind.Absolute);
        }

        public bool IsBypassed(Uri host)
        {
            // Loopback addresses do not go through the proxy.
            return host.IsLoopback;
        }
    }
}

But I'm not able to connect to the account authentication page for Visual Studio Community access.

So, I'm trying to validate the Microsoft certificate using the DLL.

Is there any way I can handle HTTPS and the certificate issue?

How can I validate the certificate in the webProxy DLL?

ar099968 asked Feb 10 '17 10:02


2 Answers

If you want to bypass the certificate check altogether, you could set your ServicePointManager.ServerCertificateValidationCallback to always use a delegate which returns true:

var validationCallback = new RemoteCertificateValidationCallback(delegate { return true; });

....

ServicePointManager.ServerCertificateValidationCallback += validationCallback;

I'd wrap that in a try / catch / finally and in the finally, remove the delegate (as it otherwise applies process-wide iirc):

finally
{
     ServicePointManager.ServerCertificateValidationCallback -= validationCallback;
}

UPDATE 26/03/18: If you have control over the creation of the HttpClient, you can pass a HttpClientHandler when you construct it, with its ServerCertificateCustomValidationCallback delegate set to return true. You are effectively limiting the dangerous effect of disabling SSL checking process-wide and limiting it to the use of this HttpClient. Much safer. Code:

var handler = new HttpClientHandler();

// Optional check to enable / disable based on config setting.
if (ConfigurationManager.AppSettings["EnableSslCertificateCheck"] == null ||
    Convert.ToBoolean(ConfigurationManager.AppSettings["EnableSslCertificateCheck"]) == false)
{
    handler = new HttpClientHandler
    {
        ClientCertificateOptions = ClientCertificateOption.Manual,
        ServerCertificateCustomValidationCallback =
            (httpRequestMessage, cert, certChain, policyErrors) => true
    };
}

return new HttpClient(handler);
Ciaran answered Oct 04 '22 18:10


You may have an SSL proxy certificate that your company gave you. Just import it into the root certificates in IE (e.g. http://www.instructables.com/id/Installing-an-SSL-Certificate-in-Windows-7/, https://bto.bluecoat.com/webguides/sslv/sslva_first_steps/Content/Topics/Configure/ssl_ie_cert.htm).

Or just ignore certificate validation via the .NET config:

  1. how to set ServicePointManager.ServerCertificateValidationCallback in web.config

  2. How to stop certificate errors temporarily with WCF services (OzrenTkalcecKrznaric's answer)

In the case of Visual Studio 2015, the .NET config file is located at "%PROGRAMFILES(x86)%\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe.config".

I hope it is helpful.

Yoonian answered Oct 04 '22 16:10
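
Added example, not code from either answer or from the original question: a handler-scoped callback that, instead of returning true, accepts chains Windows already trusts and otherwise only chains that end at the corporate SSL proxy's root CA. The class name, method names and certificate path are hypothetical, and revocation checking is switched off on the assumption that the private CA publishes no reachable CRL.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedProxyRootClient
{
    // Hypothetical path: the corporate proxy's root CA certificate, exported as a .cer file.
    const string CorporateRootPath = @"C:\certs\corp-proxy-root.cer";

    public static bool Validate(X509Certificate2 cert, SslPolicyErrors errors, X509Certificate2 pinnedRoot)
    {
        // The Windows trust store already accepts this chain: nothing more to decide.
        if (errors == SslPolicyErrors.None) return true;

        // A host name mismatch or a missing certificate is never acceptable.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || cert == null) return false;

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(pinnedRoot);
            // Tolerate only an unknown root; expiry or a bad signature still fails Build().
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            // Assumption: no reachable CRL for the private CA. Use Online if one is published.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            if (!chain.Build(cert)) return false;

            // The flag above also tolerates partial chains, so confirm the chain
            // really terminates at the pinned root, byte for byte.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(pinnedRoot.RawData);
        }
    }

    public static HttpClient Create()
    {
        var pinnedRoot = new X509Certificate2(CorporateRootPath);
        var handler = new HttpClientHandler
        {
            // Scoped to this handler only; the process-wide ServicePointManager is untouched.
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => Validate(cert, errors, pinnedRoot)
        };
        return new HttpClient(handler);
    }
}
```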