Ignore SSL certificate errors in Xamarin.Forms (PCL)

ssl xamarin.forms

Is there any way to do something like described here: https://stackoverflow.com/a/2675183 but in Xamarin.Forms PCL App? I'm using HttpClient to connect to the server.


ServicePointManager isn't defined in PCL but defined in platform specific classes.

There are ServicePointManager in both Xamarin.iOS and Xamarin.Android with same usage. You can reference it inside any classes in your platform projects. However, currently there is no such class and seems no way to do so for Windows Phone app.

Example:

// Xamarin.Android

public class MainActivity : global::Xamarin.Forms.Platform.Android.FormsApplicationActivity
{
    protected override void OnCreate(Bundle bundle)
    {
        // You may use ServicePointManager here
        ServicePointManager
            .ServerCertificateValidationCallback +=
            (sender, cert, chain, sslPolicyErrors) => true;

        base.OnCreate(bundle);

        global::Xamarin.Forms.Forms.Init(this, bundle);
        LoadApplication(new App());
    }
}

// Xamarin.iOS

public partial class AppDelegate : global::Xamarin.Forms.Platform.iOS.FormsApplicationDelegate
{
    public override bool FinishedLaunching(UIApplication app, NSDictionary options)
    {
        ServicePointManager
            .ServerCertificateValidationCallback +=
            (sender, cert, chain, sslPolicyErrors) => true;

        global::Xamarin.Forms.Forms.Init();
        LoadApplication(new App());

        return base.FinishedLaunching(app, options);
    }
}

With a unique code on Xamarin.Forms way, instantiate a HttpClientHandler Example:

private HttpClient _httpClient;
public HttpClient HttplicentAccount
{
    get
    {
        _httpClient = _httpClient ?? new HttpClient
        (
            new HttpClientHandler()
            {
                ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) =>
                {
                    //bypass
                    return true;
                },
            }
            , false
        )
        {
            BaseAddress = new Uri("YOUR_API_BASE_ADDRESS"),
        };

        // In case you need to send an auth token...
        _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", "YOUR_TOKEN");
        return _httpClient;
    }
}

If you are using AndroidClientHandler, you need to supply a SSLSocketFactory and a custom implementation of HostnameVerifier with all checks disabled. To do this, you’ll need to subclass AndroidClientHandler and override the appropriate methods.

internal class BypassHostnameVerifier : Java.Lang.Object, IHostnameVerifier
{
    public bool Verify(string hostname, ISSLSession session)
    {
        return true;
    }
}

internal class BypassSslValidationClientHandler : AndroidClientHandler
{
    protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
    {
        return SSLCertificateSocketFactory.GetInsecure(1000, null);
    }

    protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
    {
        return new BypassHostnameVerifier();
    }
}

And then

var handler = new BypassSslValidationClientHandler();
var httpClient = new System.Net.Http.HttpClient(handler);

Related

Driver.getConnection hangs using SQLServer driver and Java 1.6.0_29
C# string replace
EXC_BAD_ACCESS in heightForRowAtIndexPath iOS
Selecting the second row of a table using rownum
Java Reflection Beans Property API
how to bind multiple parameters to MySQLi query [closed]
Applying Styles To ListItems in CheckBoxList
Is there a way to clone form field values in jQuery or javascript?
Why is "Application permissions" disabled in Azure AD's "Request API permissions"?
How to initialize a DateTime field?
For nested templates, when did `>>` become standard C++ (instead of `> >`)?
Forcing PowerShell errors output in English on localized systems