ServiceSecurityContext.PrimaryIdentity Property
Definition
Gets the primary identity associated with the current setting.
public:
property System::Security::Principal::IIdentity ^ PrimaryIdentity { System::Security::Principal::IIdentity ^ get(); };
public System.Security.Principal.IIdentity PrimaryIdentity { get; }
member this.PrimaryIdentity : System.Security.Principal.IIdentity
Public ReadOnly Property PrimaryIdentity As IIdentity
Property Value
An IIdentity associated with the current setting.
Examples
For an example of using the PrimaryIdentity property to authorize a client using a certificate, see How to: Examine the Security Context.
Remarks
The primary identity is obtained from the credentials used to authenticate the current user. If the credential is an X.509 certificate, the identity is a concatenation of the subject name and the thumbprint (in that order). The subject name is separated from the thumbprint with a semicolon and a space. If the subject field of the certificate is null, the primary identity includes just a semicolon, a space, and the thumbprint.
When a duplex message exchange pattern is used with Kerberos direct authentication, this property becomes empty on the callback and the claimset is also empty. This does not happen when SspiNegotiated is used instead of Kerberos.
The Kerberos Requester Token is used only on the client to represent the service. The authorization policy that it generates contains a single claim, an SPN, so the claim carries no identity. In most cases this is not a problem, because ServiceSecurityContext is not used on the client. In a duplex scenario, however, a callback that inspects this property gets an anonymous identity.
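The following C# sketch is an added example, not code from the original page or from the product. It parses the "subject; thumbprint" name described above, handles the null-subject and anonymous cases, and authorizes on the thumbprint. The CertIdentity class, its method names, the allow-list and the sample identities are hypothetical, and the thumbprint is assumed to be 40 hexadecimal characters. In a service operation the input would be ServiceSecurityContext.Current.PrimaryIdentity.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class CertIdentity   // hypothetical helper, not part of WCF
{
    // Splits "<subject>; <thumbprint>". Uses the LAST "; " so that a subject
    // containing that sequence cannot shift where the thumbprint starts.
    public static bool TryParse(IIdentity id, out string subject, out string thumbprint)
    {
        subject = thumbprint = null;
        // Anonymous or empty identity (e.g. the Kerberos duplex callback case).
        if (id == null || !id.IsAuthenticated || string.IsNullOrEmpty(id.Name))
            return false;
        int sep = id.Name.LastIndexOf("; ", StringComparison.Ordinal);
        if (sep < 0) return false;                  // not a certificate-style name
        string tail = id.Name.Substring(sep + 2);
        // Assumption: a 40-character hex (SHA-1) thumbprint.
        if (tail.Length != 40) return false;
        foreach (char c in tail)
            if (!Uri.IsHexDigit(c)) return false;
        subject = id.Name.Substring(0, sep);        // empty when the subject was null
        thumbprint = tail.ToUpperInvariant();
        return true;
    }

    // Authorize on the thumbprint only: the subject may be empty and is just text.
    public static bool IsAllowed(IIdentity id, ISet<string> allowedThumbprints)
    {
        return TryParse(id, out _, out string tp) && allowedThumbprints.Contains(tp);
    }

    static void Main()
    {
        // Constructed sample values, not real certificates.
        const string tp = "0123456789ABCDEF0123456789ABCDEF01234567";
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { tp };
        IIdentity[] samples =
        {
            new GenericIdentity("CN=client.example; " + tp),    // subject + thumbprint
            new GenericIdentity("; " + tp),                     // null subject
            new GenericIdentity("CN=other; " + new string('A', 40)), // not on the list
            new GenericIdentity("")                             // anonymous
        };
        foreach (IIdentity id in samples)
            Console.WriteLine("'{0}' -> allowed: {1}", id.Name, IsAllowed(id, allowed));
    }
}
```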