<clientCertificate> of <serviceCredentials>

Article
09/15/2021

Defines an X.509 certificate used to sign and encrypt messages to a client form a service in a duplex communication pattern.

<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <clientCertificate>

Syntax

<clientCertificate>
  <certificate />
  <authentication />
</clientCertificate>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

None.

Child Elements

Element	Description
<authentication>	Specifies authentication options for the client certificate.
<certificate>	Specifies the certificate to use.

Parent Elements

Element	Description
<serviceCredentials>	Specifies the credentials to be used in authenticating the service, and the client credential validation related settings.

Remarks

This element is used when the service must have the client's certificate in advance to communicate securely with the client. This occurs when using the duplex communication pattern. In the more typical request/response pattern, the client includes its certificate in the request, which the service uses to encrypt and sign its response back to the client. In the duplex communication pattern, however, the service does not have a request from the client and therefore it needs the client's certificate in advance to secure the message to the client. Therefore you must obtain the client's certificate in an out-of-band negotiation, and specify the certificate using this element. For more information about duplex services, see How to: Create a Duplex Contract.

The certificate set in this element is used to encrypt messages to the client only for bindings that are configured with MutualCertificateDuplex message security authentication mode.