CertificateDescription Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Description of a certificate.
public class CertificateDescription : Microsoft.Identity.Abstractions.CredentialDescription
type CertificateDescription = class
inherit CredentialDescription
Public Class CertificateDescription
Inherits CredentialDescription
- Inheritance
Constructors
CertificateDescription() |
Default constructor. |
CertificateDescription(CredentialDescription) |
Creates a certificate description from a credential description. |
Properties
Base64EncodedValue |
When SourceType is Base64Encoded, specifies the base64 encoded value of the certificate. (Inherited from CredentialDescription) |
CachedValue |
When the credential is retrieved by an ICredentialsLoader, it will be stored in this property, where you can retrieve it. If the credential is a certificate, it will also be stored in the Certificate property. (Inherited from CredentialDescription) |
Certificate |
. |
CertificateDiskPath |
When SourceType is Path, specifies the path to the certificate on disk. You can use this property to specify the path to a PFX file containing the certificate and its private key. If a password is needed, use CertificatePassword. (Inherited from CredentialDescription) |
CertificateDistinguishedName |
When SourceType is StoreWithDistinguishedName, specifies the distinguished name of the certificate in the store specified by CertificateStorePath. (Inherited from CredentialDescription) |
CertificatePassword |
When SourceType is Path, specifies the password to use to access the certificate whose path is specified by CertificateDiskPath. Only use this property if the certificate is protected by a password. (Inherited from CredentialDescription) |
CertificateStorePath |
When SourceType is StoreWithDistinguishedName or StoreWithThumbprint, specifies the certificate store from which to extract the certificate. The format is the concatenation of a value of StoreLocation and a value of StoreName separated by a slash. For instance, use |
CertificateThumbprint |
When SourceType is StoreWithThumbprint, specifies the thumbprint of the certificate to extract from the certificate store specified by CertificateStorePath. (Inherited from CredentialDescription) |
ClientSecret |
When SourceType is ClientSecret, describes the client secret to use as a client credential in a confidential client application. The client secret is a string known only to the application and the identity provider. It needs to match the value configured during the application registration. (Inherited from CredentialDescription) |
Container |
Container in which to find the credential. You will normally not use this property directly. It could be used by property editors in tools or IDEs. Instead, use the properties that are specific to the SourceType. (Inherited from CredentialDescription) |
CredentialType |
Describes the type of credentials, based on the SourceType. (Inherited from CredentialDescription) |
DecryptKeysAuthenticationOptions |
When SourceType is AutoDecryptKeys, this property describes the authority to use to get a token for a web API to get the keys used to decrypt an encrypted token. The cloud instance will be the same as the application, but the application can be a multi-tenant application (tenant = common or organizations), and in this case, to get a token on behalf of itself, the credential type needs to provide a tenant. More generally, you might want to specify authentication options, including protocol, PopKey, etc. This credential description is only used for decrypt credentials, not for client credentials. (Inherited from CredentialDescription) |
Id |
Gets a unique identifier for a CredentialDescription based on SourceType and ReferenceOrValue. (Inherited from CredentialDescription) |
KeyVaultCertificateName |
When SourceType is KeyVault, use this property to specify the name of the certificate in Key Vault in conjunction with KeyVaultUrl. (Inherited from CredentialDescription) |
KeyVaultUrl |
When SourceType is KeyVault, use this property to specify the URL of the Key Vault containing the certificate, in conjunction with KeyVaultCertificateName. (Inherited from CredentialDescription) |
ManagedIdentityClientId |
When SourceType is SignedAssertionFromManagedIdentity, it specifies the client ID of the Azure user-assigned managed identity used to provide a signed assertion to act as a client credential for the application. This requires that the application is deployed on Azure, that the managed identity is configured, and that workload identity federation with the managed identity is declared in the application registration. For details, see https://zcusa.951200.xyz/azure/active-directory/workload-identities/workload-identity-federation. (Inherited from CredentialDescription) |
ReferenceOrValue |
Reference to the certificate or value. You will normally not use this property directly. It could be used by property editors in tools or IDEs. Instead, use the properties that are specific to the SourceType. (Inherited from CredentialDescription) |
SignedAssertionFileDiskPath |
When SourceType is SignedAssertionFilePath, optionally specifies the path on disk of a file containing a signed assertion used as a client assertion for the confidential client application. The signed assertion file is a file containing a signed JWT assertion that is used as a client credential. You will usually use this option when you want to integrate with workload identity federation with Azure Kubernetes Service (AKS). For details, see https://zcusa.951200.xyz/azure/active-directory/workload-identities/workload-identity-federation. (Inherited from CredentialDescription) |
Skip |
Skip this credential description. This is useful when you specify a list of credentials, some of which don't apply in a particular deployment. It will also be used by the ICredentialsLoader if it cannot find or load the credential. (Inherited from CredentialDescription) |
SourceType |
. |
TokenExchangeUrl |
(Microsoft Entra specific) Value that can be used to configure the token exchange resource URL in the case of federated identity credentials with managed identity. (Inherited from CredentialDescription) |
X509KeyStorageFlags |
Defines where and how to import the private key of an X.509 certificate. |
Methods
FromBase64Encoded(String, String) |
Creates a certificate description from a Base64 encoded value. |
FromBase64Encoded(String) |
Creates a certificate description from a Base64 encoded value. |
FromCertificate(X509Certificate2) |
Creates a certificate description from a certificate (by code). |
FromKeyVault(String, String) |
Creates a certificate description from Key Vault. |
FromPath(String, String) |
Creates a certificate description from a path on disk. |
FromStoreWithDistinguishedName(String, StoreLocation, StoreName) |
Creates a certificate description from a certificate distinguished name (such as CN=name) and store location (Certificate Manager on Windows, for instance). |
FromStoreWithThumbprint(String, StoreLocation, StoreName) |
Creates a certificate description from a thumbprint and store location (Certificate Manager on Windows, for instance). |
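
The source-specific properties above make it possible to tell which credential descriptions keep secret material inline in configuration (Base64EncodedValue, CertificatePassword, ClientSecret) and which only reference a store or vault. The following is an added example, not code from this documentation or from the library: the CredentialAudit helper is hypothetical, and the vault URL, certificate name, thumbprint, path and password are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Identity.Web;

// Added example: CredentialAudit is a hypothetical helper, not a library type.
static class CredentialAudit
{
    // Yields one finding for each description that keeps secret material
    // inline in configuration instead of referencing a protected store.
    public static IEnumerable<string> InlineSecretFindings(
        IReadOnlyList<CertificateDescription> descriptions)
    {
        for (int i = 0; i < descriptions.Count; i++)
        {
            CertificateDescription d = descriptions[i];
            if (d.Skip)
                continue; // marked as not applicable to this deployment

            if (!string.IsNullOrEmpty(d.Base64EncodedValue))
                yield return $"[{i}] Base64EncodedValue: certificate bytes are stored in configuration";
            if (!string.IsNullOrEmpty(d.CertificatePassword))
                yield return $"[{i}] CertificatePassword: certificate password is stored in configuration";
            if (!string.IsNullOrEmpty(d.ClientSecret))
                yield return $"[{i}] ClientSecret: shared secret is stored in configuration";
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample values; creating a description does not load the certificate.
        var credentials = new List<CertificateDescription>
        {
            CertificateDescription.FromKeyVault("https://example-vault.vault.azure.net", "example-cert"),
            CertificateDescription.FromStoreWithThumbprint(
                "0000000000000000000000000000000000000000", StoreLocation.CurrentUser, StoreName.My),
            CertificateDescription.FromPath("/etc/example/app.pfx", "constructed-password"),
        };

        foreach (string finding in CredentialAudit.InlineSecretFindings(credentials))
            Console.WriteLine(finding);
    }
}
```

Only the FromPath entry is reported here; the Key Vault and certificate store entries carry references rather than key material or passwords.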