Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
You can identify a certificate in several ways: by the hash of the certificate, by the issuer and serial number, or by the subject key identifier (SKI). The SKI provides a unique identification for the certificate's subject public key and is often used when working with XML digital signing. The SKI value is usually part of the X.509 certificate as an X.509 certificate extension. Windows Communication Foundation (WCF) has a default referencing style that uses the issuer and serial number if the SKI extension is missing from the certificate. If the certificate contains the SKI extension, the default referencing style uses the SKI to point to the certificate. If mid-way through development of an application, you switch from using certificates that do not use the SKI extension to certificates that use the SKI extension, the referencing style used in WCF-generated messages also changes.
If a consistent referencing style is required regardless of SKI extension presence, it is possible to configure the desired referencing style as shown in the following code.
The following example creates a custom security binding element that uses a single consistent referencing style, the issuer name and serial number.
public Binding CreateClientBinding()
{
AsymmetricSecurityBindingElement abe =
(AsymmetricSecurityBindingElement)SecurityBindingElement.
CreateMutualCertificateBindingElement(
MessageSecurityVersion.
WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
abe.SetKeyDerivation(false);
X509SecurityTokenParameters istp =
abe.InitiatorTokenParameters as X509SecurityTokenParameters;
if (istp != null)
{
istp.X509ReferenceStyle =
X509KeyIdentifierClauseType.IssuerSerial;
}
X509SecurityTokenParameters rstp =
abe.RecipientTokenParameters as X509SecurityTokenParameters;
if (rstp != null)
{
rstp.X509ReferenceStyle =
X509KeyIdentifierClauseType.IssuerSerial;
}
HttpTransportBindingElement transport =
new HttpTransportBindingElement();
return new CustomBinding(abe, transport);
}
Public Function CreateClientBinding() As Binding
Dim abe As AsymmetricSecurityBindingElement = CType(SecurityBindingElement.CreateMutualCertificateDuplexBindingElement _
(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10), _
AsymmetricSecurityBindingElement)
abe.SetKeyDerivation(False)
Dim istp As X509SecurityTokenParameters = TryCast(abe.InitiatorTokenParameters, X509SecurityTokenParameters)
If istp IsNot Nothing Then
istp.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial
End If
Dim rstp As X509SecurityTokenParameters = TryCast(abe.RecipientTokenParameters, X509SecurityTokenParameters)
If rstp IsNot Nothing Then
rstp.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial
End If
Return New CustomBinding(abe, New HttpTransportBindingElement())
End Function
The following namespaces are required to compile the code:
Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Module
Implement and manage Active Directory Certificate Services - Training
Implement and manage Active Directory Certificate Services
Certification
Microsoft Certified: Security, Compliance, and Identity Fundamentals - Certifications
Demonstrate foundational knowledge on security, compliance, and identity concepts and related cloud-based Microsoft solutions.
Documentation
Working with Certificates - WCF
Learn about X.509 digital certificate features and how to use them in WCF. Resources in this article can further explain these concepts.
How to: Specify the Certificate Authority Certificate Chain Used to Verify Signatures (WCF) - WCF
Learn more about: How to: Specify the Certificate Authority Certificate Chain Used to Verify Signatures (WCF)
How to: Make X.509 Certificates Accessible to WCF - WCF
Learn how to make an X.509 certificate accessible to WCF. Application code must specify the certificate store name and location. There might be other requirements.
How to: Obtain a Certificate (WCF) - WCF
Learn the different ways to obtain an X.509 certificate in Windows Communication Foundation (WCF).