How to ignore the certificate check when ssl

c# ssl httpwebrequest certificate
Joe.wang picture Joe.wang · Sep 20, 2012 · Viewed 275.3k times · Source

I am trying find a way to ignore the certificate check when request a Https resource, so far, I found some helpful article in internet.

But I still have some problem. Please review my code. I just don't understand what does the code ServicePointManager.ServerCertificateValidationCallback mean.

When will this delegate method be called? And one more question, in which place should I write this code? Before ServicePointManager.ServerCertificateValidationCallback execute or before Stream stream = request.GetRequestStream()? 

public HttpWebRequest GetRequest()
{
    CookieContainer cookieContainer = new CookieContainer();

    // Create a request to the server
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(_remoteUrl);

    #region Set request parameters

    request.Method = _context.Request.HttpMethod;
    request.UserAgent = _context.Request.UserAgent;
    request.KeepAlive = true;
    request.CookieContainer = cookieContainer;
    request.PreAuthenticate = true;
    request.AllowAutoRedirect = false;

    #endregion

    // For POST, write the post data extracted from the incoming request
    if (request.Method == "POST")
    {
        Stream clientStream = _context.Request.InputStream;
        request.ContentType = _context.Request.ContentType;
        request.ContentLength = clientStream.Length;

        ServicePointManager.ServerCertificateValidationCallback = delegate(
            Object obj, X509Certificate certificate, X509Chain chain, 
            SslPolicyErrors errors)
            {
                return (true);
            };

            Stream stream = request.GetRequestStream();

            ....
        }

        ....

        return request;
    }
}

Answer

Adam Venezia picture Adam Venezia · Sep 4, 2013

For anyone interested in applying this solution on a per request basis, this is an option and uses a Lambda expression. The same Lambda expression can be applied to the global filter mentioned by blak3r as well. This method appears to require .NET 4.5.

String url = "https://www.stackoverflow.com";
HttpWebRequest request = HttpWebRequest.CreateHttp(url);
request.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

In .NET 4.0, the Lambda Expression can be applied to the global filter as such

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

Related questions

Error: C# The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

I'm trying to make a request via SSL. The certificate is already installed on the machine and it works via browser. I am using this request: System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding(); byte[] data = encoding.GetBytes(request.Content.…

Read More
How to send an HTTPS GET Request in C#

Related: how-do-i-use-webrequest-to-access-an-ssl-encrypted-site-using-https How to send an HTTPS GET Request in C#?

Read More
The request was aborted: Could not create SSL/TLS secure channel

My customer has informed my of issues with their SSL and Internet Explorer. They said they get trust issues when accessing the URL. I am accessing JSON through HTTPS. The website sits on one server and I am using the …

Read More