SmimeVerify2 Method
Verifies if the signature of the specified e-mail message is valid.

Namespace: MailBee.Security
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.5.0 build 687 for .NET 4.5
Syntax
Copy
public SmimeResult Verify2(
	MailMessage message,
	MessageVerificationFlags flags,
	X509Certificate2Collection extraCerts
)

Parameters

message
Type: MailBee.MimeMailMessage
The message to be verified.
flags
Type: MailBee.SecurityMessageVerificationFlags
A set of flags which specify the verification criteria.
extraCerts
Type: System.Security.Cryptography.X509CertificatesX509Certificate2Collection
Additional certificates of the certification authorities, or a null reference (Nothing in Visual Basic) if only the system default certification authorities should be used for validating the certificate of the message signature.

Return Value

Type: SmimeResult
A reference to SmimeResult object containing either a bitwise combination of MessageVerificationFlags indicating which conditions of flags criteria have not been passed the verification or None if the verification completed successfully or the message was not signed.
Exceptions
ExceptionCondition
MailBeeInvalidArgumentExceptionmessage is a null reference (Nothing in Visual Basic).
Remarks

If the message has so-called "attached" signature, you'll need to check DecryptedMessage of the returned value of this method in order to get access to the original (unsigned) message. This is because messages with attached signatures look like encrypted messages so it's required to decode such a message (like in decryption procedure) to get access to the original message. Therefore checking the signature may also extract the original message from it. If DecryptedMessage is not set (null reference) in the returned value of this method, this means the message has so-called "detached" signature which is not encapsulated into the original message contents but simply added as attachment. In this case, message input parameter already refers to the original message and there is no need to extract anything.

extraCerts usually needs to be set if the system default store lacks a certification authority which issued the certificate the message is signed with. This is common case for ASP.NET web applications because ASP.NET user has fewer certification authorities in its system default store than regular Windows users.

To check the message verification result, examine VerificationResult property of the returned SmimeResult object. To access the signature certificate, use SignatureCertificate property of the same object.

To check if the original message had a digital signature, examine IsSigned property value of the original MailMessage object.

To decrypt and verify a message within a single method call, use DecryptAndVerify2(MailMessage, MessageVerificationFlags, X509Certificate2Collection, X509Certificate2Collection) method or its overloads.

Note Note
This method can be slow in case if the certificate refers to a non-existing domain name (or local domain name while the current machine is not in that network).

This method is a version of Verify(MailMessage, MessageVerificationFlags, CertificateStore) which accepts X509Certificate2Collection rather than CertificateStore. Starting from .NET Standard 2.0, you must use this method as CertificateStore functionality has been reduced to avoid dependency on Win32 API.

Note Note
This method is not available in .NET Сore 1.0/1.1. On that platform, use Verify(MailMessage, MessageVerificationFlags, CertificateStore) instead.
Examples
This sample verifies the message signature using all the available criteria.
Copy
// To use the code below, import these namespace at the top of your code
using System;
using MailBee;
using MailBee.Mime;
using MailBee.Security;

// The actual code (put it into a method of your class)

// Load the message from file.
MailMessage msg = new MailMessage();
msg.LoadMessage(@"C:\Temp\signed_only.eml");

Smime objSmime = new Smime();

try
{
    // Verify the message.
    SmimeResult smResult = objSmime.Verify2(msg, MessageVerificationFlags.All, null);
    MessageVerificationFlags resultOptions = smResult.VerificationResult;

    // Check for the errors.
    if (resultOptions != MessageVerificationFlags.None)
    {
        if ((resultOptions & MessageVerificationFlags.CertificateRevoked) == MessageVerificationFlags.CertificateRevoked)
        {
            Console.WriteLine("Error! Certificate revoked...");
        }
        if ((resultOptions & MessageVerificationFlags.MessageTampered) == MessageVerificationFlags.MessageTampered)
        {
            Console.WriteLine("Error! Message has been tampered...");
        }
        if ((resultOptions & MessageVerificationFlags.SignatureExpired) == MessageVerificationFlags.SignatureExpired)
        {
            Console.WriteLine("Error! Signature expired...");
        }
        if ((resultOptions & MessageVerificationFlags.SignerAndSenderDoNotMatch) == MessageVerificationFlags.SignerAndSenderDoNotMatch)
        {
            Console.WriteLine("Error! Signer and sender do not match...");
        }
        if ((resultOptions & MessageVerificationFlags.Untrusted) == MessageVerificationFlags.Untrusted)
        {
            Console.WriteLine("Error! Untrusted certificate...");
        }
    }
    if (smResult.SignatureCertificate != null)
    {
        Console.WriteLine(smResult.SignatureCertificate.Subject);
    }
}
catch (MailBeeException ex)
{
    Console.WriteLine(ex.Message);
}
See Also