Gets the primary identity associated with the current setting.
Assembly: System.ServiceModel (in System.ServiceModel.dll)
The primary identity is obtained from the credentials used to authenticate the current user. If the credential is an X.509 certificate, the identity is a concatenation of the subject name and the thumbprint (in that order). The subject name is separated from the thumbprint with a semicolon and a space. If the subject field of the certificate is null, the primary identity includes just a semicolon, a space, and the thumbprint.
When a duplex message exchange pattern is used with Kerberos direct authentication, this property becomes empty on the callback and the claimset is also empty. This does not happen when SspiNegotiated is used instead of Kerberos.
The Kerberos Requester Token is used only on the client to represent the service. The authorization policy that it generates contains one claim, an SPN; hence, no identity in the claim. In most cases there is no problem, because ServiceSecurityContext is not used on the client. In a duplex scenario during callback, if the callback inspects this property, it gets an anonymous identity.
For an example of using the PrimaryIdentity property to authorize a client using a certificate, see How to: Examine the Security Context.
Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.