Dart.Ftp 名前空間 > TcpBase クラス > AuthenticateAsClient メソッド : AuthenticateAsClient(ClientSecurity) メソッド |
<ObsoleteAttribute("Use AuthenticateAsClient(TcpSession) instead.")> <SecuritySafeCriticalAttribute()> Public Overloads Sub AuthenticateAsClient( _ ByVal security As ClientSecurity _ )
[Obsolete("Use AuthenticateAsClient(TcpSession) instead.")] [SecuritySafeCritical()] public void AuthenticateAsClient( ClientSecurity security )
security.TargetHostはサーバー証明書名に一致する必要があります。認証が失敗した場合は、AuthenticationExceptionが発生します。
証明書を受け入れるか拒否するかを"オンザフライで"決定するには、Security.ValidationCallback関数を実装します。このコールバックがtrueを返すと、検証エラーが報告されていても証明書は受け入れられるため、trueを返す条件は明示的に限定してください。
クライアント証明書を"オンザフライで"選択するには、ClientSecurity.SelectionCallback関数を実装します。
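//using System.Net.Security;
//using System.Security.Authentication;
//using System.Security.Cryptography.X509Certificates;

/// <summary>
/// Starts TLS client authentication against <paramref name="server"/> and registers
/// <see cref="certificateReceived"/> as the certificate validation callback.
/// </summary>
/// <param name="server">Host name assigned to TargetHost; the server certificate name must match it.</param>
/// <param name="protocol">Protocol versions assigned to Protocols. The caller chooses them; nothing here filters out legacy versions.</param>
/// <param name="checkRevocation">Assigned to CheckCertificateRevocation.</param>
private void doAuthentication(string server, SslProtocols protocol, bool checkRevocation)
{
    // Authenticate the server and specify the certificate callback function.
    ClientSecurity security = new ClientSecurity();
    security.TargetHost = server;
    security.Protocols = protocol;
    security.CheckCertificateRevocation = checkRevocation;
    security.ValidationCallback = certificateReceived;

    // NOTE(review): this overload is marked [Obsolete] on this page in favour of
    // AuthenticateAsClient(TcpSession).
    myComponent.AuthenticateAsClient(security);
}

/// <summary>
/// Validation callback: accepts the server certificate when no policy error was reported,
/// otherwise lists every reported problem and accepts only if the user explicitly overrides.
/// </summary>
/// <param name="sender">Object that raised the callback (unused).</param>
/// <param name="certificate">Certificate presented by the server (unused; the decision is based on the reported errors).</param>
/// <param name="chain">Chain built for the certificate; its ChainStatus entries are listed in the prompt.</param>
/// <param name="sslPolicyErrors">Policy errors reported for the certificate.</param>
/// <returns>true to accept the certificate, false to reject it.</returns>
private static bool certificateReceived(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Return true if there is no problem with the server certificate.
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }

    // From here on at least one policy error is set, so validation HAS failed. Start from
    // "reject" (fail closed); only the explicit user override below can change that.
    // The previous loop left the chain walk at the first status that was not revocation-related,
    // so errors such as an untrusted root or an expired certificate never set the reject flag
    // and the certificate was accepted without any prompt.
    bool acceptCertificate = false;
    string msg = "The server could not be validated for the following reason(s):\r\n";

    // The server did not present a certificate.
    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
    {
        msg = msg + "\r\n -The server did not present a certificate.\r\n";
    }
    else
    {
        // The certificate does not match the server name.
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
        {
            msg = msg + "\r\n -The certificate name does not match the authenticated name.\r\n";
        }

        // Any other problem with the certificate chain: report every non-NoError status,
        // including revocation-unknown / offline-revocation.
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
        {
            bool reported = false;
            if (chain != null)
            {
                foreach (X509ChainStatus item in chain.ChainStatus)
                {
                    if (item.Status != X509ChainStatusFlags.NoError)
                    {
                        msg = msg + "\r\n -" + item.StatusInformation;
                        reported = true;
                    }
                }
            }

            // Chain errors were flagged but no detail is available: still say so.
            if (!reported)
            {
                msg = msg + "\r\n -The certificate chain could not be validated.\r\n";
            }
        }
    }

    // Validation failed: show a message box and let the user decide.
    // NOTE(review): answering Yes accepts a certificate that failed validation, which removes
    // the protection against a spoofed server. For unattended or sensitive use, return false
    // here instead of prompting.
    msg = msg + "\r\nDo you wish to override the security check?";
    if (MessageBox.Show(msg, "Security Alert: Server could not be validated", MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation) == DialogResult.Yes)
    {
        acceptCertificate = true;
    }

    return acceptCertificate;
}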
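'Imports System.Net.Security
'Imports System.Security.Authentication
'Imports System.Security.Cryptography.X509Certificates

''' <summary>
''' Starts TLS client authentication against <paramref name="server"/> and registers
''' certificateReceived as the certificate validation callback.
''' </summary>
''' <param name="server">Host name assigned to TargetHost; the server certificate name must match it.</param>
''' <param name="protocol">Protocol versions assigned to Protocols. The caller chooses them; nothing here filters out legacy versions.</param>
''' <param name="checkRevocation">Assigned to CheckCertificateRevocation.</param>
Private Sub doAuthentication(ByVal server As String, ByVal protocol As SslProtocols, _
                             ByVal checkRevocation As Boolean)
    ' Authenticate the server and specify the certificate callback function.
    ' (The sample previously declared this variable with C# syntax, which is not valid VB.)
    Dim security As New ClientSecurity()
    security.TargetHost = server
    security.Protocols = protocol
    security.CheckCertificateRevocation = checkRevocation
    security.ValidationCallback = AddressOf certificateReceived

    ' NOTE(review): this overload is marked Obsolete on this page in favour of
    ' AuthenticateAsClient(TcpSession).
    myComponent.AuthenticateAsClient(security)
End Sub

''' <summary>
''' Validation callback: accepts the server certificate when no policy error was reported,
''' otherwise lists every reported problem and accepts only if the user explicitly overrides.
''' </summary>
''' <param name="sender">Object that raised the callback (unused).</param>
''' <param name="certificate">Certificate presented by the server (unused; the decision is based on the reported errors).</param>
''' <param name="chain">Chain built for the certificate; its ChainStatus entries are listed in the prompt.</param>
''' <param name="sslPolicyErrors">Policy errors reported for the certificate.</param>
''' <returns>True to accept the certificate, False to reject it.</returns>
Private Shared Function certificateReceived(ByVal sender As Object, ByVal certificate As X509Certificate, _
                                            ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
    ' The enum is written fully qualified below because VB is case-insensitive and the
    ' parameter has the same name as the enum type.

    ' Return True if there is no problem with the server certificate.
    If sslPolicyErrors = System.Net.Security.SslPolicyErrors.None Then
        Return True
    End If

    ' From here on at least one policy error is set, so validation HAS failed. Start from
    ' "reject" (fail closed); only the explicit user override below can change that.
    ' The previous loop left the chain walk at the first status that was not revocation-related,
    ' so errors such as an untrusted root or an expired certificate never set the reject flag
    ' and the certificate was accepted without any prompt.
    Dim acceptCertificate As Boolean = False
    Dim msg As String = "The server could not be validated for the following reason(s):" & Constants.vbCrLf

    ' The server did not present a certificate.
    If (sslPolicyErrors And System.Net.Security.SslPolicyErrors.RemoteCertificateNotAvailable) = _
       System.Net.Security.SslPolicyErrors.RemoteCertificateNotAvailable Then
        msg = msg & Constants.vbCrLf & " -The server did not present a certificate." & Constants.vbCrLf
    Else
        ' The certificate does not match the server name.
        If (sslPolicyErrors And System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch) = _
           System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch Then
            msg = msg & Constants.vbCrLf & _
                  " -The certificate name does not match the authenticated name." & Constants.vbCrLf
        End If

        ' Any other problem with the certificate chain: report every non-NoError status,
        ' including revocation-unknown / offline-revocation.
        If (sslPolicyErrors And System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) = _
           System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors Then
            Dim reported As Boolean = False
            If chain IsNot Nothing Then
                For Each item As X509ChainStatus In chain.ChainStatus
                    If item.Status <> X509ChainStatusFlags.NoError Then
                        msg = msg & Constants.vbCrLf & " -" & item.StatusInformation
                        reported = True
                    End If
                Next item
            End If

            ' Chain errors were flagged but no detail is available: still say so.
            If Not reported Then
                msg = msg & Constants.vbCrLf & " -The certificate chain could not be validated." & Constants.vbCrLf
            End If
        End If
    End If

    ' Validation failed: show a message box and let the user decide.
    ' NOTE(review): answering Yes accepts a certificate that failed validation, which removes
    ' the protection against a spoofed server. For unattended or sensitive use, return False
    ' here instead of prompting.
    msg = msg & Constants.vbCrLf & "Do you wish to override the security check?"
    If MessageBox.Show(msg, "Security Alert: Server could not be validated", _
                       MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation) = System.Windows.Forms.DialogResult.Yes Then
        acceptCertificate = True
    End If

    Return acceptCertificate
End Function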