<certificateReference> for <identity>

Specifies settings for X.509 certificate validation. A secure Windows Communication Foundation (WCF) client that connects to an endpoint with this identity verifies that the claims presented by the server contain the identity claim used to construct this identity.

<configuration>
  <system.serviceModel>
    <client>
      <endpoint>
        <identity>
          <certificateReference>

Syntax

<certificateReference findValue="String"
                      isChainIncluded="Boolean"
                      storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
                      storeLocation="LocalMachine/CurrentUser"
                      x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier">
</certificateReference>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
findValue Specifies the value to search for in the X.509 certificate store. The type contained in this attribute must satisfy the requirements of the specified X509FindType value. The default is an empty string.
isChainIncluded A Boolean value that specifies whether validation is done using a certificate chain.
storeLocation Specifies the location of the certificate store that the client can use to validate the server’s certificate.

Valid values include the following:

- LocalMachine: The cert store assigned to the local machine.
- CurrentUser: The cert store assigned to the current user.

The default value is LocalMachine.

This attribute is of type StoreLocation.
storeName Specifies the name of the X.509 certificate store to open.

Valid values include the following:

- AddressBook: Certificate store for other users.
- AuthRoot: Certificate store for third-party certification authorities (CAs).
- CertificateAuthority: Certificate store for intermediate CAs.
- Disallowed: Certificate store for revoked certificates.
- My: Certificate store for personal certificates.
- Root: Certificate store for trusted root CAs.
- TrustedPeople: Certificate store for directly trusted people and resources.
- TrustedPublisher: Certificate store for directly trusted publishers.

The default value is My.

This attribute is of type StoreName.
x509FindType Specifies the type of X.509 search to be executed. The type contained in the findValue attribute must satisfy the requirements of the specified X509FindType.

Valid values include the following:

- FindByThumbprint
- FindBySubjectName
- FindBySubjectDistinguishedName
- FindByIssuerName
- FindByIssuerDistinguishedName
- FindBySerialNumber
- FindByTimeValid
- FindByTimeNotYetValid
- FindByTemplateName
- FindByApplicationPolicy
- FindByCertificatePolicy
- FindByExtension
- FindByKeyUsage
- FindBySubjectKeyIdentifier

The default value is FindBySubjectDistinguishedName.

This attribute is of type X509FindType.
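
A client endpoint that identifies the expected service certificate by thumbprint, given here as an added example that is not part of the original reference page. The endpoint name, address, contract, binding configuration name and the thumbprint placeholder are assumptions.

```xml
<configuration>
  <system.serviceModel>
    <client>
      <!-- Assumed names: OrdersClient, the address, Example.IOrderService
           and the CertSecured binding configuration are placeholders. -->
      <endpoint name="OrdersClient"
                address="http://orders.example.test/OrderService.svc"
                binding="wsHttpBinding"
                bindingConfiguration="CertSecured"
                contract="Example.IOrderService">
        <identity>
          <!-- The client looks up this certificate in the named store and
               expects the service to present a matching identity claim.
               A thumbprint identifies one certificate. Subject-name
               searches (FindBySubjectName) can match several certificates
               in the same store, so they are a weaker choice here.
               Replace findValue with the thumbprint of the service's
               certificate, obtained out of band. -->
          <certificateReference storeLocation="LocalMachine"
                                storeName="TrustedPeople"
                                x509FindType="FindByThumbprint"
                                findValue="REPLACE_WITH_SERVICE_CERT_THUMBPRINT"
                                isChainIncluded="false" />
        </identity>
      </endpoint>
    </client>
    <bindings>
      <wsHttpBinding>
        <!-- Message security, so the service authenticates with its
             X.509 certificate and the identity check above applies. -->
        <binding name="CertSecured">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
```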

Child Elements

None.

Parent Elements

Element Description
<identity> Specifies settings that enable the authentication of an endpoint by other endpoints exchanging messages with it.
