

<messageSenderAuthentication>

Specifies authentication settings for the peer certificate used by a message sender.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior> of <serviceBehaviors>
        <serviceCredentials>
          <peer> of <serviceCredentials>
            <messageSenderAuthentication>

Syntax

<messageSenderAuthentication
   customCertificateValidatorType="namespace.typeName [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
   certificateValidationMode="ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom"
   revocationMode="NoCheck/Online/Offline"
   trustedStoreLocation="CurrentUser/LocalMachine" 
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

certificateValidationMode

Optional enumeration. Specifies one of three modes used to validate credentials. This attribute is of type X509CertificateValidationMode. If set to Custom, then a customCertificateValidatorType must also be supplied.

customCertificateValidatorType

Optional string. Specifies a type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom. This attribute is of type X509CertificateValidator. Windows Communication Foundation (WCF) provides a default peer certificate validator that verifies the peer certificate against the trusted people store. It also verifies that the certificate chains up to a valid root. You can implement a custom validator to specify a different behavior and use this attribute to point to the custom validator.

revocationMode

Optional enumeration. Specifies the certificate revocation mode. This attribute is of type X509RevocationMode. The system verifies that the peer certificate has not been revoked by looking it up in the revoked certificate list. This check can be performed either by checking online or against a cached revocation list. Revocation checking can be turned off by setting this attribute to NoCheck.

trustedStoreLocation

Optional enumeration. Specifies the trusted store location where the peer certificate is validated by the WCF security system. This attribute is of type StoreLocation.

Child Elements

None.

Parent Elements

Element Description

<peer> of <serviceCredentials>

Specifies the current credentials for a peer node.

Remarks

This element must be configured if message authentication is chosen. For output channels, each message is signed using the certificate provided by the <certificate> element. Before being delivered to the application, all messages are checked against the message credential using the validator specified by the customCertificateValidatorType attribute of this element. The validator can either accept or reject the credential.
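
The following configuration is an added example, not part of the original reference page. It places the element in the hierarchy shown above and contrasts a weak setting with a hardened one and a custom-validator variant. The behavior names, the thumbprint placeholder, and the Contoso.Peer.SenderCertificateValidator type are assumptions made for illustration.

```xml
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>

      <!-- Weak: sender certificates are accepted without any validation,
           and a revoked certificate is never detected. -->
      <behavior name="peerSenderAuthWeak">
        <serviceCredentials>
          <peer>
            <messageSenderAuthentication
               certificateValidationMode="None"
               revocationMode="NoCheck" />
          </peer>
        </serviceCredentials>
      </behavior>

      <!-- Hardened: the sender certificate must be in the trusted people
           store or chain to a trusted root, and revocation is checked
           online. trustedStoreLocation selects the machine-wide store. -->
      <behavior name="peerSenderAuthHardened">
        <serviceCredentials>
          <peer>
            <!-- Certificate used to sign outgoing messages.
                 The findValue below is a placeholder, not a real thumbprint. -->
            <certificate findValue="THUMBPRINT-PLACEHOLDER"
                         x509FindType="FindByThumbprint"
                         storeLocation="LocalMachine"
                         storeName="My" />
            <messageSenderAuthentication
               certificateValidationMode="PeerOrChainTrust"
               revocationMode="Online"
               trustedStoreLocation="LocalMachine" />
          </peer>
        </serviceCredentials>
      </behavior>

      <!-- Custom: validation is delegated to a class derived from
           X509CertificateValidator. The type and assembly names are
           hypothetical. -->
      <behavior name="peerSenderAuthCustom">
        <serviceCredentials>
          <peer>
            <messageSenderAuthentication
               certificateValidationMode="Custom"
               customCertificateValidatorType="Contoso.Peer.SenderCertificateValidator, Contoso.Peer" />
          </peer>
        </serviceCredentials>
      </behavior>

    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```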

See Also

Reference

X509PeerCertificateAuthenticationElement
X509PeerCertificateAuthentication
MessageSenderAuthentication

Other Resources

Working with Certificates
Peer to Peer Networking
Peer Channel Message Authentication
Peer Channel Custom Authentication
Best Practices for Securing PeerChannel Applications