From 6635c65afd4cbc9cd508d7a8fcbf97078e1e69bd Mon Sep 17 00:00:00 2001 From: ManickaP Date: Tue, 17 Jun 2025 15:40:33 +0200 Subject: [PATCH 1/5] Improve example for ServerCertificateValidationCallback --- .../WinHttpHandler/Project.csproj | 8 ++++++ .../System.Net.Http/WinHttpHandler/program.cs | 25 +++++++++++++++++++ xml/System.Net.Http/WinHttpHandler.xml | 6 +++++ 3 files changed, 39 insertions(+) create mode 100644 snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj create mode 100644 snippets/csharp/System.Net.Http/WinHttpHandler/program.cs diff --git a/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj b/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj new file mode 100644 index 00000000000..c02dc5044e7 --- /dev/null +++ b/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj @@ -0,0 +1,8 @@ + + + + Library + net6.0 + + + \ No newline at end of file diff --git a/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs b/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs new file mode 100644 index 00000000000..c7bd2508895 --- /dev/null +++ b/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs @@ -0,0 +1,25 @@ +using System; +using System.Net; +using System.Net.Http; +using System.Net.Sockets; +using System.Threading.Tasks; + +class HttpClientHandler_SecureExample +{ + static async Task Main() + { + // + var handler = new WinHttpHandler(); + handler.ServerCertificateValidationCallback = (httpRequestMessage, certificate, chain, sslPolicyErrors) + { + if (sslPolicyErrors == SslPolicyErrors.None) + return true; + + Console.WriteLine("Certificate error: {0}", sslPolicyErrors); + + // Do not allow this client to communicate with unauthenticated servers. + return false; + } + // + } +} diff --git a/xml/System.Net.Http/WinHttpHandler.xml b/xml/System.Net.Http/WinHttpHandler.xml index 13d3f0dfc25..8410cc3de7b 100644 --- a/xml/System.Net.Http/WinHttpHandler.xml +++ b/xml/System.Net.Http/WinHttpHandler.xml @@ -747,6 +747,12 @@ When this property is set to `true`, all HTTP redirect responses from the server ## Remarks The default value is `null`. If this property is `null`, the server certificate is validated using standard well-known certificate authorities. + The delegate's `sslPolicyErrors` argument contains any certificate errors returned by SSPI while authenticating the server. The value returned by this delegate determines whether the authentication is allowed to succeed. + +## Examples + The following code example implements the callback. If there are validation errors, this method displays them and returns `false`, which prevents communication with the unauthenticated server. + + :::code language="csharp" source="~/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs" id="Snippet1"::: ]]> From 4deec0ab12f4c5e64b3e5423a5058bcc9c49d2cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marie=20P=C3=ADchov=C3=A1?= <11718369+ManickaP@users.noreply.github.com> Date: Tue, 17 Jun 2025 17:07:45 +0200 Subject: [PATCH 2/5] Update snippets/csharp/System.Net.Http/WinHttpHandler/program.cs Co-authored-by: Anton Firszov --- snippets/csharp/System.Net.Http/WinHttpHandler/program.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs b/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs index c7bd2508895..bdd284c6898 100644 --- a/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs +++ b/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs @@ -4,7 +4,7 @@ using System.Net.Sockets; using System.Threading.Tasks; -class HttpClientHandler_SecureExample +class WinHttpHandler_SecureExample { static async Task Main() { From 82db14cdbb51e7e2338dfbf7c24745d7208015e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marie=20P=C3=ADchov=C3=A1?= <11718369+ManickaP@users.noreply.github.com> Date: Wed, 18 Jun 2025 09:15:04 +0200 Subject: [PATCH 3/5] Update xml/System.Net.Http/WinHttpHandler.xml Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com> --- xml/System.Net.Http/WinHttpHandler.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xml/System.Net.Http/WinHttpHandler.xml b/xml/System.Net.Http/WinHttpHandler.xml index 8410cc3de7b..3225b50b8ca 100644 --- a/xml/System.Net.Http/WinHttpHandler.xml +++ b/xml/System.Net.Http/WinHttpHandler.xml @@ -750,7 +750,8 @@ When this property is set to `true`, all HTTP redirect responses from the server The delegate's `sslPolicyErrors` argument contains any certificate errors returned by SSPI while authenticating the server. The value returned by this delegate determines whether the authentication is allowed to succeed. ## Examples - The following code example implements the callback. If there are validation errors, this method displays them and returns `false`, which prevents communication with the unauthenticated server. + +The following code example implements the callback. If there are validation errors, this method displays them and returns `false`, which prevents communication with the unauthenticated server. :::code language="csharp" source="~/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs" id="Snippet1"::: ]]> From ae0673b94f261e5fa1ee7fae1b4338c424109b87 Mon Sep 17 00:00:00 2001 From: ManickaP Date: Wed, 18 Jun 2025 11:38:15 +0200 Subject: [PATCH 4/5] Fixed sample --- .../WinHttpHandler/Project.csproj | 8 +++++-- .../System.Net.Http/WinHttpHandler/program.cs | 22 +++++++++++-------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj b/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj index c02dc5044e7..c99f5065527 100644 --- a/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj +++ b/snippets/csharp/System.Net.Http/WinHttpHandler/Project.csproj @@ -2,7 +2,11 @@ Library - net6.0 + net9.0 - + + + + + \ No newline at end of file diff --git a/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs b/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs index bdd284c6898..47d739424ca 100644 --- a/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs +++ b/snippets/csharp/System.Net.Http/WinHttpHandler/program.cs @@ -1,25 +1,29 @@ using System; using System.Net; using System.Net.Http; -using System.Net.Sockets; -using System.Threading.Tasks; +using System.Net.Security; class WinHttpHandler_SecureExample { - static async Task Main() + static void Main() { + if (!OperatingSystem.IsWindows()) + { + Console.WriteLine("This example requires Windows."); + return; + } // var handler = new WinHttpHandler(); - handler.ServerCertificateValidationCallback = (httpRequestMessage, certificate, chain, sslPolicyErrors) + handler.ServerCertificateValidationCallback = (httpRequestMessage, certificate, chain, sslPolicyErrors) => { - if (sslPolicyErrors == SslPolicyErrors.None) + if (sslPolicyErrors == SslPolicyErrors.None) + { + // TODO: Implement additional custom certificate validation logic here. return true; - - Console.WriteLine("Certificate error: {0}", sslPolicyErrors); - + } // Do not allow this client to communicate with unauthenticated servers. return false; - } + }; // } } From 1efe08a51f977b02981fe9b03ff0f5ec07b5432e Mon Sep 17 00:00:00 2001 From: ManickaP Date: Wed, 18 Jun 2025 15:49:40 +0200 Subject: [PATCH 5/5] Change description with changed example --- xml/System.Net.Http/WinHttpHandler.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xml/System.Net.Http/WinHttpHandler.xml b/xml/System.Net.Http/WinHttpHandler.xml index 3225b50b8ca..6f311881e4c 100644 --- a/xml/System.Net.Http/WinHttpHandler.xml +++ b/xml/System.Net.Http/WinHttpHandler.xml @@ -740,7 +740,7 @@ When this property is set to `true`, all HTTP redirect responses from the server Gets or sets a callback method to validate the server certificate. This callback is part of the SSL handshake. - The callback should return if the server certificate is considered valid and the request should be sent. Otherwise, return . + The callback should return if the server certificate is considered valid and the request should be sent. Otherwise, returns .