
<certificateValidation>

.NET Framework 4.5

Controls the settings that token handlers use to validate certificates. These settings are overridden if a specific handler is configured with its own validator.

<system.identityModel>
  <identityConfiguration>
    <certificateValidation
      certificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"
      revocationMode="NoCheck||Offline||Online"
      trustedStoreLocation="CurrentUser||LocalMachine" >
    </certificateValidation>
  </identityConfiguration>
</system.identityModel>

The following sections describe attributes, child elements, and parent elements.

Attributes

| Attribute | Description |
| --- | --- |
| certificateValidationMode | An X509CertificateValidationMode value that specifies the validation mode to use for the X.509 certificate. The default value is “PeerOrChainTrust”. To specify a custom validator, set this attribute to “Custom” and specify the validator using the <certificateValidator> element. Optional. |
| revocationMode | An X509RevocationMode value that specifies the revocation mode to use for the X.509 certificate. The default value is “Online”. Optional. |
| trustedStoreLocation | A StoreLocation value that specifies the X.509 certificate store. The default value is “LocalMachine”. Optional. |

Child Elements

| Element | Description |
| --- | --- |
| <certificateValidator> | Specifies a custom type for certificate validation. This type is used only if the certificateValidationMode attribute of the <certificateValidation> element is set to "Custom". |

Parent Elements

| Element | Description |
| --- | --- |
| <identityConfiguration> | Specifies service-level identity settings. |
| <securityTokenHandlerConfiguration> | Provides configuration for a collection of security token handlers. |

A <certificateValidation> element can be specified at the service level under the <identityConfiguration> element or on the security token handler collection level under the <securityTokenHandlerConfiguration> element. Settings on a token handler collection override those specified on the service. Some token handlers allow you to specify certificate validation settings in configuration. Settings on individual token handlers override those specified both at the service level and on the security token handler collection.

      <certificateValidation certificateValidationMode="PeerOrChainTrust"
                             revocationMode="Online"
                             trustedStoreLocation="LocalMachine" />
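
The override order described above can be checked mechanically. The following Python script is an added example, not Microsoft's code: it reports the certificate validation settings in force for the service and for each token handler collection, and flags values that switch a check off. The sample configuration and function names are constructed for illustration; the script assumes that a level declaring `<certificateValidation>` replaces the inherited settings as a whole, with omitted attributes taking the documented defaults, and it does not model settings on individual token handlers.

```python
import xml.etree.ElementTree as ET

# Defaults as documented in the attribute table on this page.
DEFAULTS = {
    "certificateValidationMode": "PeerOrChainTrust",
    "revocationMode": "Online",
    "trustedStoreLocation": "LocalMachine",
}
# Attribute values that switch a check off entirely.
WEAK = {("certificateValidationMode", "None"): "certificate is not validated",
        ("revocationMode", "NoCheck"): "revocation is not checked"}

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONFIG = """
<system.identityModel>
  <identityConfiguration>
    <certificateValidation certificateValidationMode="ChainTrust" />
    <securityTokenHandlers>
      <securityTokenHandlerConfiguration>
        <certificateValidation certificateValidationMode="None" revocationMode="NoCheck" />
      </securityTokenHandlerConfiguration>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
"""

def read_settings(parent, inherited):
    """Return the settings in force at `parent`, or `inherited` if none are declared."""
    element = parent.find("certificateValidation")
    if element is None:
        return dict(inherited)
    # Assumption: a declared element replaces the inherited settings as a whole.
    return {name: element.get(name, default) for name, default in DEFAULTS.items()}

def audit(config_xml):
    """Return (scope, settings, findings) for the service and each handler collection."""
    results = []
    for service in ET.fromstring(config_xml).iter("identityConfiguration"):
        service_settings = read_settings(service, DEFAULTS)
        scopes = [("service", service_settings)]
        for collection in service.iter("securityTokenHandlerConfiguration"):
            scopes.append(("handler collection", read_settings(collection, service_settings)))
        for scope, settings in scopes:
            findings = [msg for (attr, val), msg in WEAK.items() if settings[attr] == val]
            results.append((scope, settings, findings))
    return results

if __name__ == "__main__":
    for scope, settings, findings in audit(SAMPLE_CONFIG):
        print(scope, settings, findings or "ok")
```

In the sample, the service-level element passes the audit while the handler collection override is flagged, which is the case a review of the top-level element alone would miss.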
© 2014 Microsoft