The FPCSSLClientCertificateRestriction object defines a requirement for restricting the Secure Sockets Layer (SSL) client certificates that a Web listener will accept for authentication. (This object is introduced in ISA Server 2006.)
A client certificate restriction may apply to one of the following fields:
- Enhanced Key Usage.
A restriction may include an object identifier (OID) and a value that must be present in the specified field. For example, a certificate restriction can limit the client certificates that a Web listener will accept to those whose Enhanced Key Usage field contains the Smart Card Logon object identifier 220.127.116.11.4.1.318.104.22.168.
Client certificate restrictions are applicable only for SSL certificate authentication and forms-based authentication of clients requesting an HTTPS connection. They are enabled only if the SSLClientCertificateRestrictionsEnabled property of the FPCWebListenerProperties object for the Web listener is set to True.
The FPCSSLClientCertificateRestriction object is an element of an FPCSSLClientCertificateRestrictions collection, and a new object representing an SSL client certificate restriction can be created by calling the Add method of this collection. When the FPCSSLClientCertificateRestrictions collection for a Web listener contains more than one client certificate restriction, a client certificate that matches at least one of the restrictions will be accepted.
Click here to see the ISA Server object hierarchy.
InheritanceThis object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting an object's data to and importing it from XML documents.
The FPCSSLClientCertificateRestriction object does not define any methods.
The FPCSSLClientCertificateRestriction object has the following properties.
|CertificateRestrictionField||Gets or sets a value from the FpcCertificateRestrictionField enumerated type that specifies the certificate field to which the restriction applies.|
|Description||Gets or sets the description of the client certificate restriction.|
|Name||Gets or sets the name of the client certificate restriction.|
|OID||Gets or sets the object identifier (OID) to be used for determining a match with the field.|
|OIDMatchType||Gets or sets a value from the FpcOIDMatchType enumerated type that specifies the type of match required for the object identifier (OID).|
|Value||Gets or sets the string to be used for determining a match with the value in the field.|
|ValueMatchType||Gets or sets a value from the FpcValueMatchType enumerated type that specifies the type of match required for the value in the field.|
|CancelWaitForChanges||Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only).|
|CanImport||Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document.|
|Export||Writes the stored values of all of the object's properties to the specified XML document.|
|ExportToFile||Writes the stored values of all of the object's properties to the specified XML file.|
|GetServiceRestartMask||Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect.|
|Import||Copies the values of all of the object's properties from the specified XML document to persistent storage.|
|ImportFromFile||Copies the values of all of the object's properties from the specified XML file to persistent storage.|
|LoadDocProperties||Provides the XML document's properties so that you can know what information can be imported from the document.|
|Refresh||Reads the values of all of the object's properties from persistent storage, overwriting any changes that have not been saved.|
|Save||Writes the current values of all of the object's properties to persistent storage.|
|WaitForChanges||Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only).|
|PersistentName||Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy.|
|VendorParametersSets||Gets an FPCVendorParametersSets object that can hold sets of custom data for extending the object.|
This object implements the IFPCSSLClientCertificateRestriction interface.
|Client||Requires Windows XP.|
|Server||Requires Windows Server 2003.|
|Version||Requires Internet Security and Acceleration Server 2006.|
Declared in Msfpccom.idl.