Glossary Item Box

PowerTCP Mail for .NET

Creating a Mail Client

Creating a Mail client is quite simple. Simply set the Security property to the type of security/authentication desired, then simply connect to your Mail server, and handle all certificate-related issues in the CertificateReceived or CertificateRequested events.

The Simplest Secure Example: Disabling All Security Checks.

This example demonstrates the simplest possible secure example. In this example, the UseAuthentication property is set to false, "disabling" standard security checks. (NOTE: This does NOT disable security). This means that even if an invalid certificate is received from the server, it is accepted and SSL communication is established. This has obvious security shortcomings, which will be addressed later in the topic.

This example demonstrates security using the Smtp component. The Pop and Imap components work similarly.

[C#]
private void SecureTest()
{
   // "Disable" security checks...just accept any certificate the server presents
   smtp1.UseAuthentication = false;

   // Use explicit SSL
   smtp1.Security = Dart.PowerTCP.Mail.Security.Explicit;

   // Send a message, it will initiate an SSL connection
   smtp1.Server = "MyMailServer";
   smtp1.Send("you@dart.com", "me@dart.com", "SSL Test", "Hello");

   MessageBox.Show("Message Sent");
}

[Visual Basic]
Private Sub SecureTest()
   ' "Disable" security checks...just accept any certificate the server presents
   Smtp1.UseAuthentication = False

   ' Use explicit SSL
   Smtp1.Security = Dart.PowerTCP.Mail.Security.Explicit

   ' Send a message, it will initiate an SSL connection
   Smtp1.Server = "MyMailServer"
   Smtp1.Send("you@dart.com", "me@dart.com", "SSL Test", "Hello")

   MessageBox.Show("Message Sent")
End Sub

A More Advanced Secure Client: Validating certificates.

The example above demonstrates communicating securely but is flawed, mainly because all certificates are automatically accepted. Typically, your secure client will need to perform some basic "filtering" on the certificates, checking for a valid name, a valid date, etc. To do this, set UseAuthentication to true and handle which certificates are accepted/rejected in the CertificateReceived event.

[C#]
private void SecureTest()
{
   // "Disable" security checks...just accept any certificate the server presents
   smtp1.UseAuthentication = false;

   // Use explicit SSL
   smtp1.Security = Dart.PowerTCP.Mail.Security.Explicit;

   // Send a message, it will initiate an SSL connection
   smtp1.Server = "MyMailServer";
   smtp1.Send("you@dart.com", "me@dart.com", "SSL Test", "Hello");

   MessageBox.Show("Message Sent");
}                       

private void smtp1_CertificateReceived(object sender, Dart.PowerTCP.Mail.CertificateReceivedEventArgs e)
{
   string msg = "";

   // Check to see if the certificate is from a trusted root.
   if(!e.TrustedRoot)
      msg+= "This certificate is not from a trusted root\n";

   // Check to see if the certificate has a valid date.
   if(!e.ValidDate)
      msg+= "This certificate does not have a valid date\n";

   // Check to see if the certificate has a valid name.
   if(!e.ValidName)
      msg+= "This certificate does not have a valid name\n";

   if(msg != "")
   {
      msg += "Would you like to accept this certificate anyway?";
      if(MessageBox.Show(msg, "Invalid Cert Received", MessageBoxButtons.YesNo) == DialogResult.Yes)
      {
         // User wants to accept the invalid cert. Accept it.
             e.Accept = true;
          }
   }
}

[Visual Basic]
Private Sub SecureTest()
   ' "Disable" security checks...just accept any certificate the server presents
   Smtp1.UseAuthentication = False

   ' Use explicit SSL
   Smtp1.Security = Dart.PowerTCP.Mail.Security.Explicit

   ' Send a message, it will initiate an SSL connection
   Smtp1.Server = "MyMailServer"
   Smtp1.Send("you@dart.com", "me@dart.com", "SSL Test", "Hello")

   MessageBox.Show("Message Sent")
End Sub

Private Sub Smtp1_CertificateReceived(ByVal sender As Object, e As Dart.PowerTCP.Mail.CertificateReceivedEventArgs) Handles Smtp1.CertificateReceived
   Dim msg As String =  ""  
   
   ' Check to see if the  certificate is from a trusted root. 
   If Not e.TrustedRoot Then 
      msg + = "This certificate is not from a trusted root" + vbCrLf  
   End If 
   
   ' Check to see if the certificate has a valid date.
   If Not e.ValidDate Then
      msg += "This certificate does not have a valid date" + vbCrLf
   End If

   ' Check to see if the certificate has a valid name.
   If Not e.ValidName Then
      msg +="This certificate does not have a valid name" + vbCrLf 
   End If 
   
   If msg <>  "" Then
      msg += "Would you like to accept this certificate anyway?"
      If MessageBox.Show(msg, "Invalid Cert Received", MessageBoxButtons.YesNo) = DialogResult.Yes Then
         ' User wants to accept the invalid cert. Accept it.
         e.Accept = True
      End If
   End If
End Sub

 

In This Section

Security Overview
Provides an overview of basic security concepts such as digital certificates and authentication.
Creating A Mail Client
Provides a step-by-step set of instructions on how to create a Mail client.
Handling Client Authentication.
Demonstrates how to use a certificate to authenticate the client to the server.
Explicit vs Implicit Security
Discusses the differences between using explicit and implicit SSL.
Using The CertificateListForm Object
Demonstrates how to use the CertificateListForm to assist users in selecting a certificate.
Using MMC To Manage SSL Certificates
Discusses how to use the Microsoft Management Console to manage SSL certificates.
Windows 95/98 Security Compatibility
Discusses compatibility issues with Windows 95 and 98.

 

 

Send comments on this topic.

Documentation version 3.1.

© 2009 Dart Communications.  All rights reserved.