Property RemoteCertificateValidationCallback
RemoteCertificateValidationCallback
Gets or sets the delegate that validates the server certificate during SSL/TLS handshake.
Declaration
public RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
Property Value
Type | Description |
---|---|
System.Net.Security.RemoteCertificateValidationCallback | The delegate that validates the server certificate during SSL/TLS handshake. |
Remarks
This callback can examine all SSL connections made by the Maps SDK and by ArcGISHttpMessageHandler to service HTTPS requests. When RemoteCertificateValidationCallback is null, server certificates are validated by the operating system using default policies and known certificate authorities.
A custom validator can be used to override the default behavior and accept or reject server certificates based on custom criteria, such as:
- Accept server credentials that would otherwise be rejected by the system. For example, your app needs to make an HTTPS connection to a development server or through a proxy with a self-signed certificate. Refer to the Ignore specific validation errors section in the .NET Security Best Practices guide for a sample implementation.
- Reject credentials that would otherwise be accepted by the system. For example, your app needs to "pin" a set of specific keys or certificates under your control, rather than accept any valid credential. Refer to the Certificate pinning section in the .NET Security Best Practices guide for a sample implementation.
You can obtain the remote hostname from the "sender" parameter. Depending on context, the "sender" may be either System.Net.Http.HttpRequestMessage or System.Net.Security.SslStream.
When the sslPolicyErrors parameter is System.Net.Security.SslPolicyErrors.None, the certificate is considered valid by the system's default validation.
Otherwise, details about SSL errors can be obtained from System.Security.Cryptography.X509Certificates.X509Chain.ChainStatus of the certificateChain parameter.
Return true from the callback to accept the server certificate, or false to reject it.
The returned value is not cached and the callback is invoked each time a new connection is made.
The callback should be able to handle repeated calls for the same server, including parallel calls from multiple threads.
When targeting .NET 8+, secure WebSocket connections from ArcGISStreamService will use this callback.
When targeting .NET Framework, WebSocket connections go through System.Net.ServicePointManager.ServerCertificateValidationCallback instead.
When targeting UWP, there is no way to customize certificate validation for WebSockets.
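The following validator is an added example, not code from the SDK or its documentation. It covers both cases in the list above: it pins SubjectPublicKeyInfo hashes per host and tolerates an untrusted root only for a listed self-signed host. The host names and pin values are constructed placeholders; it assumes .NET 8 (for SslStream.TargetHostName and ExportSubjectPublicKeyInfo) and that a self-signed certificate reports only UntrustedRoot in ChainStatus.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidator
{
    // Constructed sample data: host -> hex SHA-256 of the certificate's SubjectPublicKeyInfo.
    // Never modified after initialization, so parallel callback invocations are safe.
    private static readonly Dictionary<string, string[]> Pins = new(StringComparer.OrdinalIgnoreCase)
    {
        ["gis.example.com"] = new[] { "<SPKI-SHA256-HEX-PLACEHOLDER>" },
        ["dev.example.com"] = new[] { "<DEV-SPKI-SHA256-HEX-PLACEHOLDER>" },
    };
    // Constructed sample data: pinned hosts that present a self-signed certificate.
    private static readonly HashSet<string> SelfSignedHosts =
        new(StringComparer.OrdinalIgnoreCase) { "dev.example.com" };

    public static bool Validate(object sender, X509Certificate? certificate,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        if (certificate is null) return false;
        // The sender is an HttpRequestMessage or an SslStream, depending on context.
        string? host = sender switch
        {
            HttpRequestMessage request => request.RequestUri?.Host,
            SslStream stream => stream.TargetHostName,
            _ => null,
        };
        // Hosts without a pin keep the operating system's verdict.
        if (host is null || !Pins.TryGetValue(host, out var pins))
            return errors == SslPolicyErrors.None;
        if (!ChainAcceptable(host, chain, errors)) return false;
        // Pinning is applied on top of chain validation, never instead of it.
        using var cert = new X509Certificate2(certificate);
        string spki = Convert.ToHexString(SHA256.HashData(cert.PublicKey.ExportSubjectPublicKeyInfo()));
        return pins.Contains(spki, StringComparer.OrdinalIgnoreCase);
    }

    private static bool ChainAcceptable(string host, X509Chain? chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        // Only an untrusted root is tolerated, and only for listed hosts; name mismatches still fail.
        return SelfSignedHosts.Contains(host) && errors == SslPolicyErrors.RemoteCertificateChainErrors
            && chain is { ChainStatus.Length: > 0 }
            && chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.UntrustedRoot);
    }
}
```

Assign PinnedCertificateValidator.Validate to RemoteCertificateValidationCallback once at startup. Any sender type or chain status the validator does not recognize results in rejection or the system verdict, so it fails closed.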
Applies to
Platforms and versions
Target | Versions |
---|---|
.NET Standard 2.0 | 200.6 |
.NET | 200.6 |
.NET Windows | 200.6 |
.NET Android | 200.6 |
.NET iOS | 200.6 |
.NET Framework | 200.6 |
UWP | 200.6 |