<add> of <scopedCertificates> Element
Adds an X.509 certificate to the collection of scoped certificates.
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <clientCredentials>
            <serviceCertificate>
              <scopedCertificates>
                <add>
Syntax
<add findValue="String"
     storeLocation="CurrentUser/LocalMachine"
     storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
     targetUri="String"
     x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
targetUri | String. Specifies the URI of the service associated with the certificate. |
findValue | String. The value to search for. |
x509FindType | Enumeration. One of the certificate fields to search. |
storeLocation | Enumeration. One of the two store locations to search. |
storeName | Enumeration. One of the system stores to search. |
findValue Attribute
Value | Description |
---|---|
String | The value depends on the field (specified by the x509FindType attribute) being searched. For example, if searching for a thumbprint, the value must be a string of hexadecimal numbers. |
x509FindType Attribute
Value | Description |
---|---|
Enumeration | Values include: FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindByTimeExpired, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, FindBySubjectKeyIdentifier. |
storeLocation Attribute
Value | Description |
---|---|
Enumeration | CurrentUser or LocalMachine. |
storeName Attribute
Value | Description |
---|---|
Enumeration | Values include: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
<scopedCertificates> | Represents a collection of X.509 certificates provided by specific services (scoped) for authentication. |
Remarks
This element enables the client to configure which service certificate to use based on the URL of the service it communicates with. This is especially useful in issued token scenarios, where a client may communicate with multiple services (the end service as well as intermediary security token services). For bindings that use certificate-based message security, this certificate is used to encrypt messages to the service, and is expected to be used by the service for signing replies to the client.
If a binding requires a certificate for the service and no specific certificate for the service URL is found in the ScopedCertificates, the default certificate is used.
For more information, see the "Scoped Certificates" section of How to: Create a Federated Client.
Example
The following example adds an X.509 certificate to the collection.
<behaviors>
  <endpointBehaviors>
    <behavior name="MyEndpointBehavior">
      <clientCredentials>
        <serviceCertificate>
          <scopedCertificates>
            <add targetUri="http://www.contoso.com"
                 findValue="www.Contoso.com"
                 storeLocation="LocalMachine"
                 storeName="Root"
                 x509FindType="FindByIssuerName" />
          </scopedCertificates>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
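The attribute tables above can be turned into a pre-deployment check. The following Python linter is an added example, not part of the original page or of any Microsoft tooling; the function name `lint_scoped_certificates` and the sample configuration (including the `example.test` hosts) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Allowed names and values are the ones listed in this page's attribute tables.
ATTRS = {"targetUri", "findValue", "x509FindType", "storeLocation", "storeName"}
ALLOWED = {
    "storeLocation": {"CurrentUser", "LocalMachine"},
    "storeName": set("AddressBook AuthRoot CertificateAuthority Disallowed My Root "
                     "TrustedPeople TrustedPublisher".split()),
    "x509FindType": {"FindBy" + s for s in (
        "Thumbprint SubjectName SubjectDistinguishedName IssuerName "
        "IssuerDistinguishedName SerialNumber TimeValid TimeNotYetValid TimeExpired "
        "TemplateName ApplicationPolicy CertificatePolicy Extension KeyUsage "
        "SubjectKeyIdentifier").split()},
}

def lint_scoped_certificates(config_xml):
    """Return (targetUri, problem) tuples for <add> entries under <scopedCertificates>."""
    problems = []
    for scoped in ET.fromstring(config_xml).iter("scopedCertificates"):
        for add in scoped.findall("add"):
            uri = add.get("targetUri", "<no targetUri>")
            if "targetUri" not in add.attrib:
                problems.append((uri, "missing targetUri"))
            for name in sorted(set(add.attrib) - ATTRS):
                problems.append((uri, f"unknown attribute {name}"))
            for name, allowed in ALLOWED.items():
                value = add.get(name)
                if value is not None and value not in allowed:
                    problems.append((uri, f"{name}={value!r} is not a listed value"))
            # The page requires a hexadecimal string when searching by thumbprint.
            if (add.get("x509FindType") == "FindByThumbprint"
                    and not re.fullmatch(r"[0-9A-Fa-f]+", add.get("findValue", ""))):
                problems.append((uri, "findValue is not hexadecimal"))
    return problems

# Constructed sample: the first entry is valid, the other two contain deliberate mistakes.
SAMPLE = """<configuration><system.serviceModel><behaviors><endpointBehaviors>
<behavior name="MyEndpointBehavior"><clientCredentials><serviceCertificate><scopedCertificates>
  <add targetUri="http://www.contoso.com" findValue="www.Contoso.com"
       storeLocation="LocalMachine" storeName="Root" x509FindType="FindByIssuerName" />
  <add targetUri="http://sts.example.test" findValue="sts.example.test"
       storeLocation="LocalMachine" storeName="LocalMachine" x509Type="FindBySubjectName" />
  <add targetUri="http://svc.example.test" findValue="0011223344zz"
       storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindByThumbprint" />
</scopedCertificates></serviceCertificate></clientCredentials></behavior>
</endpointBehaviors></behaviors></system.serviceModel></configuration>"""

if __name__ == "__main__":
    print("\n".join(f"{u}: {p}" for u, p in lint_scoped_certificates(SAMPLE)))
```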