X509ClientCertificateAuthentication.MapClientCertificateToWindowsAccount Property

Reference

Definition

Namespace:: System.ServiceModel.Security

Assembly:: System.ServiceModel.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Gets or sets a value that indicates whether the certificate is mapped to Windows accounts.

public:
 property bool MapClientCertificateToWindowsAccount { bool get(); void set(bool value); };

public bool MapClientCertificateToWindowsAccount { get; set; }

member this.MapClientCertificateToWindowsAccount : bool with get, set

Public Property MapClientCertificateToWindowsAccount As Boolean

Property Value

Boolean

true if the certificate is mapped to Windows accounts; otherwise, false. The default is false.

Exceptions

InvalidOperationException

set when credential is read-only.

Examples

The following code shows how to set this property.

// Create a service host.
Uri httpUri = new Uri("http://localhost/Calculator");
ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);

// Create a binding that uses Windows security.
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

// Get a reference to the authentication object.
X509ClientCertificateAuthentication myAuthProperties =
    sh.Credentials.ClientCertificate.Authentication;
// Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = true;

' Create a service host.
Dim httpUri As New Uri("http://localhost/Calculator")
Dim sh As New ServiceHost(GetType(Calculator), httpUri)

' Create a binding that uses Windows security.
Dim b As New WSHttpBinding(SecurityMode.Message)
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows

' Get a reference to the authentication object.
Dim myAuthProperties As X509ClientCertificateAuthentication = _
sh.Credentials.ClientCertificate.Authentication
' Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = True

The property can also be set in a configuration file.

<serviceCredentials>  
  <clientCertificate>  
     <authentication mapClientCertificateToWindowsAccount='true'/>  
  </clientCertificate>  
</serviceCredentials>

Remarks

When using the certificate client credential type on bindings, the certificate is not mapped to Windows accounts. You can override this behavior using this property. When this property is set to true, it causes the identity from the client certificate to be mapped to a Windows account.

Applies to

Share via