Rediger

Del via


X509SecurityTokenAuthenticator Constructors

Definition

Initializes a new instance of the X509SecurityTokenAuthenticator class.

Overloads

X509SecurityTokenAuthenticator()

Initializes a new instance of the X509SecurityTokenAuthenticator class.

X509SecurityTokenAuthenticator(X509CertificateValidator)

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validator.

X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean)

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity.

X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean, Boolean)

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.

X509SecurityTokenAuthenticator()

Source:
X509SecurityTokenAuthenticator.cs
Source:
X509SecurityTokenAuthenticator.cs

Initializes a new instance of the X509SecurityTokenAuthenticator class.

public:
 X509SecurityTokenAuthenticator();
public X509SecurityTokenAuthenticator ();
Public Sub New ()

Remarks

When the ValidateTokenCore method is called to authenticate the token, the X.509 certificate is not mapped to a Windows identity and the certificate is validated using a certificate chain.

Applies to

X509SecurityTokenAuthenticator(X509CertificateValidator)

Source:
X509SecurityTokenAuthenticator.cs
Source:
X509SecurityTokenAuthenticator.cs

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validator.

public:
 X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator);
public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator);
new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticator
Public Sub New (validator As X509CertificateValidator)

Parameters

validator
X509CertificateValidator

A X509CertificateValidator that verifies that the certificate is valid.

Remarks

The X509CertificateValidator class provides a set of pre-defined certificate validation models, such as the ChainTrust property. These validation models can be passed to the validator parameter. When an application requires a custom validation method, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.

By default, the X509SecurityTokenAuthenticator does not map the X.509 certificate to a Windows identity.

Applies to

X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean)

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity.

public:
 X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator, bool mapToWindows);
public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator, bool mapToWindows);
new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator * bool -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticator
Public Sub New (validator As X509CertificateValidator, mapToWindows As Boolean)

Parameters

validator
X509CertificateValidator

A X509CertificateValidator that verifies that the certificate is valid.

mapToWindows
Boolean

true to map the identity of the certificate to a Windows identity; otherwise, false.

Remarks

The X509CertificateValidator class provides a set of pre-defined certificate validation models, such as the ChainTrust property. These validation models can be passed to the validator parameter. When an application requires a custom validation method, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.

When the ValidateTokenCore method is called to authenticate the token and mapToWindows is true, the X.509 certificate is mapped to a Windows account and claims are added to the EvaluationContext with the Windows groups that the user belongs to. How the X.509 certificate is mapped to a Windows account depends upon the security token type:

  • When the security token is of type X509WindowsSecurityToken, the X.509 certificate is mapped using the WindowsIdentity property.

  • When the security token is of type X509SecurityToken, the X.509 certificate is mapped to a Windows account using its user principal name (UPN).

Applies to

X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean, Boolean)

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.

public:
 X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator, bool mapToWindows, bool includeWindowsGroups);
public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups);
new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator * bool * bool -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticator
Public Sub New (validator As X509CertificateValidator, mapToWindows As Boolean, includeWindowsGroups As Boolean)

Parameters

validator
X509CertificateValidator

A X509CertificateValidator that verifies that the certificate is valid.

mapToWindows
Boolean

true to map the identity of the certificate to a Windows identity; otherwise, false.

includeWindowsGroups
Boolean

true to include the groups the Windows user belongs to in the ClaimSets property that is constructed throughout the authentication process; otherwise, false.

Remarks

Pass false to the includeWindowsGroups parameter when the Windows group information is not required to improve performance.

The X509CertificateValidator class has several static properties, such as the ChainTrust property that can be passed to the validator parameter. These properties provide common validation methods for X.509 certificates. When a custom validation method is required, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.

When true is passed into the mapToWindows parameter, the X.509 certificate is mapped to a Windows account and relevant claims are added to the EvaluationContext, such as the Windows groups that the user belongs to. When the security token is of type X509WindowsSecurityToken, the WindowsIdentity property is using the identity that is specified in the token; otherwise, the X.509 certificate is mapped to a Windows identity using a Kerberos S4U logon based on the user principal name SubjectAltNames extension of the X.509 certificate.

Applies to