EndpointIdentity::CreateRsaIdentity Method (X509Certificate2^)

.NET Framework (current version)
 

Creates an RSA identity with the specified X.509 certificate.

Namespace:   System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

C#
C++
F#
VB
Copy 
public:
static EndpointIdentity^ CreateRsaIdentity(
	X509Certificate2^ certificate
)

Parameters

certificate
Type: System.Security.Cryptography.X509Certificates::X509Certificate2^

An X509Certificate2 that contains the certificate for the RSA identity.

Return Value

Type: System.ServiceModel::EndpointIdentity^

An RSA EndpointIdentity associated with the specified certificate.

Exception Condition
ArgumentNullException

certificate is null.

NotSupportedException

certificate is not an RSA certificate.

A secure WCF client that connects to an endpoint with this identity verifies that the claims presented by the server contain a claim that contains the RSA public key obtained from the certificate used to construct this identity.

This static method creates an instance of RsaEndpointIdentity by calling its constructor, RsaEndpointIdentity.

The following code shows how to call this method.

C#
Copy 
public static void CreateRSAIdentity()
{
    // Create a ServiceHost for the CalculatorService type. Base Address is supplied in app.config.
    using (ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService)))
    {
        // The base address is read from the app.config.
        Uri dnsrelativeAddress = new Uri(serviceHost.BaseAddresses[0], "dnsidentity");
        Uri certificaterelativeAddress = new Uri(serviceHost.BaseAddresses[0], "certificateidentity");
        Uri rsarelativeAddress = new Uri(serviceHost.BaseAddresses[0], "rsaidentity");

        // Set the service's X509Certificate to protect the messages.
        serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                                  StoreName.My,
                                                                  X509FindType.FindBySubjectDistinguishedName,
                                                                  "CN=identity.com, O=Contoso");
        //Cache a reference to the server's certificate.
        X509Certificate2 servercert = serviceHost.Credentials.ServiceCertificate.Certificate;

        //Create endpoints for the service using a WSHttpBinding set for anonymous clients.
        WSHttpBinding wsAnonbinding = new WSHttpBinding(SecurityMode.Message);
        //Clients are anonymous to the service.
        wsAnonbinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        //Secure conversation (session) is turned off.
        wsAnonbinding.Security.Message.EstablishSecurityContext = false;

        //Create a service endpoint and change its identity to the DNS for an X509 Certificate.
        ServiceEndpoint ep = serviceHost.AddServiceEndpoint(typeof(ICalculator),
                                                            wsAnonbinding,
                                                            String.Empty);
        EndpointAddress epa = new EndpointAddress(dnsrelativeAddress, EndpointIdentity.CreateDnsIdentity("identity.com"));
        ep.Address = epa;

        //Create a service endpoint and change its identity to the X509 certificate's RSA key value.
        ServiceEndpoint ep3 = serviceHost.AddServiceEndpoint(typeof(ICalculator), wsAnonbinding, String.Empty);
        EndpointAddress epa3 = new EndpointAddress(rsarelativeAddress, EndpointIdentity.CreateRsaIdentity(servercert));
        ep3.Address = epa3;

.NET Framework
Available since 3.0
Return to top
Show: