<peerAuthentication>
Specifies authentication settings for a peer certificate used by a peer node.
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<peer>
<peerAuthentication>
Syntax
<peerAuthentication customCertificateValidatorType="namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
certificateValidationMode="ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom"
revocationMode="NoCheck/Online/Offline"
trustedStoreLocation="CurrentUser/LocalMachine" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
| Attribute | Description |
|---|---|
certificateValidationMode |
Optional enumeration. Specifies one of three modes used to validate credentials. This attribute is of type X509CertificateValidationMode. If set to Custom, then a customCertificateValidator must also be supplied. |
customCertificateValidatorType |
Optional string. Specifies a type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom. This attribute is of type X509CertificateValidator. Windows Communication Foundation (WCF) provides a default peer certificate validator that verifies the peer certificate against the trusted people store. It also verifies that the certificate chains up to a valid root. You can implement a custom validator to specify a different behavior and use this attribute to point to the custom validator. |
revocationMode |
Optional enumeration. Specifies the certificate revocation mode. This attribute is of type X509RevocationMode. The system verifies that the peer certificate has not been revoked by looking it up in the revoked certificate list. This check can be performed either by checking online or against a cached revocation list. Revocation checking can be turned off by setting this attribute to NoCheck. |
trustedStoreLocation |
Optional enumeration. Specifies the trusted store location where the peer certificate is validated by the WCF security system. This attribute is of type StoreLocation. |
Child Elements
None.
Parent Elements
| Element | Description |
|---|---|
| <peer> | Specifies the current credentials for a peer node. |
Remarks
The <authentication> element corresponds to the X509PeerCertificateAuthentication class. This element specifies a validator, which is invoked during neighbor-to-neighbor authentication in the mesh. When a new peer tries to establish a neighbor connection, it passes its own credential to the responding peer. The validator of the responder is invoked to verify the credential of the remote party. Whenever a peer connection is established in the mesh, both peers are mutually authenticated, meaning validators on both ends are invoked.
See also
Σχόλια
Σύντομα διαθέσιμα: Καθ' όλη τη διάρκεια του 2024 θα καταργήσουμε σταδιακά τα ζητήματα GitHub ως μηχανισμό ανάδρασης για το περιεχόμενο και θα το αντικαταστήσουμε με ένα νέο σύστημα ανάδρασης. Για περισσότερες πληροφορίες, ανατρέξτε στο θέμα: https://aka.ms/ContentUserFeedback.
Υποβολή και προβολή σχολίων για