How can I ignore https certificate warnings in the c# signalr client?

Question

I'm attempting to connect to a SignalR server with an invalid certificate. Unsurprisingly I get the following error:

    System.Net.Http.HttpRequestException : An error occurred while sending the request.
----> System.Net.WebException : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  ----> System.Security.Authentication.AuthenticationException : The remote certificate is invalid according to the validation procedure.

With the normal .Net HttpClient you can construct it with a WebRequestHandler that has a ServerCertificateValidationCallback delegate, allowing you to change the certificate validation behaviour. The SignalR HttpClient appears to have none of this.

Answer 1

I believe that I have found a way that seems to work but isn't global like the ServicePointManager.ServerCertificateValidationCallback approach that is typically recommended. I started by making a subclass of the SignalR "DefaultHttpClient" class as follows:

class CustomHttpClient : DefaultHttpClient
    {
        private readonly System.Net.Security.RemoteCertificateValidationCallback _serverCertificateValidationCallback;

        public CustomHttpClient (System.Net.Security.RemoteCertificateValidationCallback serverCertificateValidationCallback) : base()
        {
            this._serverCertificateValidationCallback = serverCertificateValidationCallback;
        }

        protected override HttpMessageHandler CreateHandler()
        {
            var rv = base.CreateHandler() as WebRequestHandler;
            if (this._serverCertificateValidationCallback != null)
                rv.ServerCertificateValidationCallback = this._serverCertificateValidationCallback;
            return rv;
        }
    }

Now I can use my custom HttpClient implementation when I call "Start" on my HubConnection instance as follows:

var hubConnection = new HubConnection("my server url");
var myHub = hubConnection.CreateHubProxy("my hub name");
hubConnection.Start(new CustomHttpClient((sender, certificate, chain, sslPolicyErrors) =>
                {
                    //put some validation logic here if you want to.
                    return true;
                }));

This should allow you to validate the server certificate as you see fit, but keep the scope to the current HubConnection instead of affecting all HTTP traffic from your app.

Answer 2

You should register a method for ServerCertificateValidationCallback event.

This code just registers an anonymous method which returns true when the event is fired.

ServicePointManager.ServerCertificateValidationCallback +=
                  (sender, certificate, chain, sslPolicyErrors) => true;

Be careful, this is a global setting. So all ssl/tls request signalr or http will use this setting.