<certificateReference> for <identity>
Specifies settings for X.509 certificate validation. A secure Windows Communication Foundation (WCF) client that connects to an endpoint with this identity verifies that the claims presented by the server contain the identity claim used to construct this identity.
<configuration>
<system.serviceModel>
<client>
<endpoint>
<identity>
<certificateReference>
Syntax
<certificateReference findValue="String"
                      isChainIncluded="Boolean"
                      storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
                      storeLocation="LocalMachine/CurrentUser"
                      x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier">
</certificateReference>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
findValue | Specifies the value to search for in the X.509 certificate store. The type contained in this attribute must satisfy the requirements of the specified X509FindType value. The default is an empty string. |
isChainIncluded | A Boolean value that specifies whether the validation is done using a certificate chain. |
storeLocation | Specifies the location of the certificate store that the client can use to validate the server's certificate. Valid values include the following: LocalMachine (the certificate store assigned to the local machine); CurrentUser (the certificate store assigned to the current user). The default value is LocalMachine. This attribute is of type StoreLocation. |
storeName | Specifies the name of the X.509 certificate store to open. Valid values include the following: AddressBook (certificate store for other users); AuthRoot (certificate store for third-party certification authorities (CAs)); CertificateAuthority (certificate store for intermediate CAs); Disallowed (certificate store for revoked certificates); My (certificate store for personal certificates); Root (certificate store for trusted root CAs); TrustedPeople (certificate store for directly trusted people and resources); TrustedPublisher (certificate store for directly trusted publishers). The default value is My. This attribute is of type StoreName. |
x509FindType | Specifies the type of X.509 search to be executed. The type contained in the findValue attribute must satisfy the requirements of the specified X509FindType. Valid values include the following: FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, FindBySubjectKeyIdentifier. The default value is FindBySubjectDistinguishedName. This attribute is of type X509FindType. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
<identity> | Specifies settings that enable the authentication of an endpoint by other endpoints exchanging messages with it. |
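A filled-in client configuration, added here as an illustration and not part of the original reference. It contrasts a FindBySubjectName lookup, which matches the subject name as a case-insensitive substring, with a FindByThumbprint lookup that identifies one specific certificate. The endpoint names, addresses, binding, contract and the thumbprint placeholder are assumptions.

```xml
<configuration>
  <system.serviceModel>
    <client>
      <!-- Hypothetical endpoint: address, binding and contract are placeholders.
           The binding must be one in which the service authenticates itself
           with an X.509 certificate, otherwise there is no certificate claim
           to compare against this identity. -->

      <!-- Loose reference. FindBySubjectName is a substring match, so the value
           "orders" also selects certificates issued to names such as
           "orders-test.example.com" if they are present in the same store.
           The expected identity then depends on what else is installed in
           CurrentUser\My, a store the logged-on user can write to. -->
      <endpoint name="OrdersLoose"
                address="net.tcp://orders.example.com:8523/Orders"
                binding="netTcpBinding"
                contract="IOrders">
        <identity>
          <certificateReference storeLocation="CurrentUser"
                                storeName="My"
                                x509FindType="FindBySubjectName"
                                findValue="orders" />
        </identity>
      </endpoint>

      <!-- Pinned reference. FindByThumbprint selects the certificate by its
           thumbprint, and TrustedPeople under LocalMachine is the store for
           directly trusted resources. Replace the placeholder with the
           thumbprint of the service certificate you installed there.
           Attribute names are case-sensitive: the find-type attribute is
           written x509FindType in the configuration file. -->
      <endpoint name="OrdersPinned"
                address="net.tcp://orders.example.com:8523/Orders"
                binding="netTcpBinding"
                contract="IOrders">
        <identity>
          <certificateReference storeLocation="LocalMachine"
                                storeName="TrustedPeople"
                                x509FindType="FindByThumbprint"
                                findValue="THUMBPRINT-OF-SERVICE-CERTIFICATE-PLACEHOLDER"
                                isChainIncluded="false" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```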