question

chbernard avatar image
0 Votes"
chbernard asked chbernard commented

xamarin android : https ServicePointManager.ServerCertificateValidationCallback ?

Hello all,
we have a web site under http who work fine.
Now we pass all in https with a certificate and a basique authentification.

If i call this web site on https with postman , certificate and credentials it's ok

Now on my device android (xamarin android) i need to call this web site and get some information)
I"ve add the certificate on device call this url on https with credentials and it's work fine.

But after read some information i've find this :
https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5359

it's talk about the call back -> ServicePointManager.ServerCertificateValidationCallback
my question is , what i do actually is it enough for to secure OR i need to check also with the call back (https ServicePointManager.ServerCertificateValidationCallback) ?

for me, but i'm not expert at all what i do is enough because there is TLS on both side and user pwd is encrypt

thanks for your comment

dotnet-xamarin
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LeonLu-MSFT avatar image
0 Votes"
LeonLu-MSFT answered chbernard commented

Hello,​

Based on my research, you need to achieve ServerCertificateValidationCallback. Ignoring SSL certificate errors is not a good idea and should never be done in production.

If you meet the ServerCertificateValidationCallback not called anymore in android 10 or later. Please use HttpClientHandler.ServerCertificateCustomValidationCallback Property instead.

Best Regards,

Leon Lu


If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeonLu-MSFT avatar image LeonLu-MSFT ·

@chbernard May I know if you have got any chance to check my answer? I am glad to help if you have any other questions

1 Vote 1 ·
chbernard avatar image chbernard LeonLu-MSFT ·

Hello, sorry for delay

thanks for all

0 Votes 0 ·