Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why is my ServicePointManager.ServerCertificateValidationCallback being ignored?

Tags:

c#

.net

certificate

winforms

I'm making a web request in a winforms app. I'm providing custom certificate validation like so:

    ServicePointManager.ServerCertificateValidationCallback += 
        new RemoteCertificateValidationCallback(certValidator.ValidateRemoteCertificate);

where certValidator.ValidateRemoteCertificate is

public bool ValidateRemoteCertificate(object sender, X509Certificate certificate,
                                      X509Chain chain, SslPolicyErrors policyErrors)
{
        return false;
}

As you can see, this callback should reject all server certificates and close any attempted connections.

My problem is that this callback is completely ignored. I submit an https request and it works like a charm. Watching it in the debugger I can see that ValidateRemoteCertificate is never invoked.

Why is my replacement callback never called back?

EDIT: LB asked for the webrequest, so here it is:

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(sourceUrl);
request.UseDefaultCredentials = true;
request.UserAgent = "Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))";    

request.KeepAlive = false;
request.Headers.Add("Accept-Language", "en-us,en;q=1.0");
request.Method = "GET";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();

EDIT 2: It's probably unrelated, but in the .config file I instruct it to use the configured proxy like so:

<system.net>
    <defaultProxy useDefaultCredentials="true"/>
</system.net>

EDIT 3: Below is a complete, minimal example that manifests the behavior. I expect this example to throw an exception because all certificates should be rejected, but it works just fine.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;

namespace SPMCertCallbackDemonstrator
{
    class Program
    {
        static void Main(string[] args)
        {
            ServicePointManager.ServerCertificateValidationCallback = delegate { return false;};
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://www.google.com");
            request.Method = "GET";
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        }
    }
}

Why is my replacement callback never called back?

like image 895
Eric Avatar asked Jan 24 '14 22:01

Eric

People also ask

What is ServicePointManager ServerCertificateValidationCallback?

ServicePointManager. ServerCertificateValidationCallback is a function, that is used to validate a server certificate. Our application uses custom validation by the client.

How do you ignore the remote certificate is invalid according to the validation procedure?

Right click your application name in Web Site. Select "Properties---Directory Security---Secure Communications---Edit----Cient Certificates---Ignore client certificates"

What is RemoteCertificateValidationCallback?

RemoteCertificateValidationCallback DelegateVerifies the remote Secure Sockets Layer (SSL) certificate used for authentication.

1 Answers

There was nothing wrong with the original code I posted. I was requesting over http instead of https. Thus no certificate validation was required. As soon as I invoked an https request, it worked fine.

like image 154
Eric Avatar answered Oct 05 '22 16:10

Eric
Sign in to Comment

Related questions

Intermittent receive failure using mvc webgrid on server only
Custom detail pages in Windows 8 grid application
System.Xml.XmlException: Unexpected end of file while parsing Name has occurred
Single config file for solution
ListViewItem IsSelected Binding - Works for WPF, but not for WinRT
Default value for Rational Number struct
The type or namespace name 'Practices' does not exist in the namespace 'Microsoft'
Is it safe to use GetHashCode to compare identical Anonymous types?
Is there an alternative to AppDomain.GetAssemblies on portable library?
Concatenating three lists into one with LINQ throws an exception
C# IStream implemenation of IStream
UIAutomation Memory Issue
Is it cheaper to get a specific StackFrame instead of StackTrace.GetFrame?
Why is this LINQ query not executed when using foreach?
Rename Control in XAML
Proper time to cast vs. convert in c#
Unexpected behavior when passing async Actions around
Does OWin support WCF?
Is there a maximum size for application settings?
Force a Task to continue on the current thread?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!