Partager via


<authentication> of <serviceCertificate> Element

Specifies authentication behaviors for service certificates used by a client.

<system.serviceModel>

  <behaviors>

    <endpointBehaviors>

      <behavior> of <endpointBehaviors>

        <clientCredentials>

          <serviceCertificate> of <serviceCredentials>

                                    
                                    <authentication customCertificateValidatorType="String" certificateValidationMode="None/PeerTrust/ChainTrust/PeerOrChainTrust/Custom"
                                
                                    
                                    revocationMode="NoCheck/Online/Offline" 
                                
                                    
                                    trustedStoreLocation="LocalMachine/CurrentUser" />
                                

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

Attribute Description

customCertificateValidator

String. A type and assembly used to validate a custom type.

certifcateValidationMode

Specifies one of three modes used to validate credentials. If set to Custom, then a customCertificateValidator must also be supplied. The default is ChainTrust.

revocationMode

One of the modes used to check for a revoked certificate lists (CRL). The default is Online.

trustedStoreLocation

One of the two system store locations: LocalMachine or CurrentUser. This value is used when a service certificate is negotiated to the client. Validation is performed against the Trusted People store in the specified store location. The default is CurrentUser.

customCertificateValidator Attribute

Value Description

String

Specifies the type name and assembly and other data used to find the type.

certificateValidationMode Attribute


Value Description

Enumeration

One of the following values: None, PeerTrust, ChainTrust, PeerOrChainTrust, Custom.

For more information, see Working with Certificates.

revocationMode Attribute

Value Description

Enumeration

One of the following values: NoCheck, Online, Offline.

For more information, see Working with Certificates.

trustedStoreLocation Attribute


Value Description

Enumeration

One of the following values: LocalMachine or CurrentUser. The default is CurrentUser. If the client application is running under a system account, then the certificate is typically under LocalMachine. If the client application is running under a user account, then the certificate is typically in CurrentUser.

Child Elements

None.

Parent Elements

Element Description

<serviceCertificate> of <clientCredentials> Element

Specifies a certificate to use when authenticating a service to the client.

Example

The following example does two tasks. It first specifies a service certificate for the client to use when communicating with endpoints whose domain name is www.contoso.com over the HTTP protocol. Second, it specifies the revocation mode and store location used during authentication.

<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com" 
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople" 
                      x509FindType="FindByIssuerDistinguishedName" />
  <scopedCertificates>
     <add targetUri="https://www.contoso.com" 
          findValue="www.contoso.com" storeLocation="LocalMachine"
                  storeName="Root" x509FindType="FindByIssuerName" />
  </scopedCertificates>
  <authentication revocationMode="Online" 
   trustedStoreLocation="LocalMachine" />
</serviceCertificate>

See Also

Reference

<authentication> of <clientCertificate> Element

Other Resources

Working with Certificates

Footer image

Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.