SmimeVerify Method
Verifies if the signature of the specified e-mail message is valid.

Namespace: MailBee.Security
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.4 build 677 for .NET 4.5
Syntax
Copy
public SmimeResult Verify(
	MailMessage message,
	MessageVerificationFlags flags,
	CertificateStore extraStore
)

Parameters

message
Type: MailBee.MimeMailMessage
The message to be verified.
flags
Type: MailBee.SecurityMessageVerificationFlags
A set of flags which specify the verification criteria.
extraStore
Type: MailBee.SecurityCertificateStore
A reference to the certificate store containing additional certificates of the certification authorities, or a null reference (Nothing in Visual Basic) if only the system default certification authorities should be used for validating the certificate of the message signature.

Return Value

Type: SmimeResult
A reference to SmimeResult object containing either a bitwise combination of MessageVerificationFlags indicating which conditions of flags criteria have not been passed the verification or None if the verification completed successfully or the message was not signed.
Exceptions
ExceptionCondition
MailBeeInvalidArgumentExceptionmessage is a null reference (Nothing in Visual Basic).
Remarks

If the message has so-called "attached" signature, you'll need to check DecryptedMessage of the returned value of this method in order to get access to the original (unsigned) message. This is because messages with attached signatures look like encrypted messages so it's required to decode such a message (like in decryption procedure) to get access to the original message. Therefore checking the signature may also extract the original message from it. If DecryptedMessage is not set (null reference) in the returned value of this method, this means the message has so-called "detached" signature which is not encapsulated into the original message contents but simply added as attachment. In this case, message input parameter already refers to the original message and there is no need to extract anything.

extraStore usually needs to be set if the system default store lacks a certification authority which issued the certificate the message is signed with. This is common case for ASP.NET web applications because ASP.NET user has fewer certification authorities in its system default store than regular Windows users. See ASP.NET S/MIME Demo sample project shipped with MailBee for details.

To check the message verification result, examine VerificationResult property of the returned SmimeResult object. To access the signature certificate, use SignatureCertificate property of the same object.

If you need more detailed information about the message's signature (for instance, to learn the hashing algorithm used), enable SetEnvelopedCmsOnDecrypt property and examine SignedCmsResult property in the returned SmimeResult object.

To check if the original message had a digital signature, examine IsSigned property value of the original MailMessage object.

To decrypt and verify a message within a single method call, use DecryptAndVerify(MailMessage, MessageVerificationFlags) method or its overloads.

Note Note
This method can be slow in case if the certificate refers to a non-existing domain name (or local domain name while the current machine is not in that network).
Note Note
This method is not available in .NET Standard 2.0 and newer (because it relies on Win32 API). Use Verify2(MailMessage, MessageVerificationFlags, X509Certificate2Collection) instead.
Examples
This sample verifies the message signature using all the available criteria.
Copy
// To use the code below, import these namespace at the top of your code
using System;
using MailBee;
using MailBee.Mime;
using MailBee.Security;

// The actual code (put it into a method of your class)

// Load the message from file.
MailMessage msg = new MailMessage();
msg.LoadMessage(@"C:\Temp\signed_only.eml");

Smime objSmime = new Smime();

try
{
    // Verify the message.
    SmimeResult smResult = objSmime.Verify(msg, MessageVerificationFlags.All, null);
    MessageVerificationFlags resultOptions = smResult.VerificationResult;

    // Check for the errors.
    if (resultOptions != MessageVerificationFlags.None)
    {
        if ((resultOptions & MessageVerificationFlags.CertificateRevoked) == MessageVerificationFlags.CertificateRevoked)
        {
            Console.WriteLine("Error! Certificate revoked...");
        }
        if ((resultOptions & MessageVerificationFlags.MessageTampered) == MessageVerificationFlags.MessageTampered)
        {
            Console.WriteLine("Error! Message has been tampered...");
        }
        if ((resultOptions & MessageVerificationFlags.SignatureExpired) == MessageVerificationFlags.SignatureExpired)
        {
            Console.WriteLine("Error! Signature expired...");
        }
        if ((resultOptions & MessageVerificationFlags.SignerAndSenderDoNotMatch) == MessageVerificationFlags.SignerAndSenderDoNotMatch)
        {
            Console.WriteLine("Error! Signer and sender do not match...");
        }
        if ((resultOptions & MessageVerificationFlags.Untrusted) == MessageVerificationFlags.Untrusted)
        {
            Console.WriteLine("Error! Untrusted certificate...");
        }
    }
    if (smResult.SignatureCertificate != null)
    {
        Console.WriteLine(smResult.SignatureCertificate.Subject);
    }
}
catch (MailBeeException ex)
{
    Console.WriteLine(ex.Message);
}
See Also