
<x509SecurityTokenHandlerRequirement>

.NET Framework 4.6 and 4.5

Provides optional configuration for the X509SecurityTokenHandler class or derived classes.

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <add> [securityTokenHandlers]
        <x509SecurityTokenHandlerRequirement>

Syntax

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <add type="System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel">
        <x509SecurityTokenHandlerRequirement
          mapToWindows="xs:boolean"
          certificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"
          certificateValidator="Namespace.Class, Assembly"
          revocationMode="NoCheck||Offline||Online"
          trustedStoreLocation="CurrentUser||LocalMachine" />
      </add>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

The following sections describe attributes, child elements, and parent elements.

Attributes

| Attribute | Description |
| --- | --- |
| certificateValidationMode | An X509CertificateValidationMode value that specifies the validation mode to use for the X.509 certificate. The default value is “PeerOrChainTrust”. |
| mapToWindows | Specifies whether the token handler should map the validating token to a Windows account by using the incoming UPN claim. The default is “false”. |
| revocationMode | An X509RevocationMode value that specifies the revocation mode to use for the X.509 certificate. The default value is “Online”. |
| trustedStoreLocation | A StoreLocation value that specifies the X.509 certificate store. The default value is “LocalMachine”. |
| certificateValidator | A custom type that derives from X509CertificateValidator. If the certificateValidationMode attribute is "Custom", an instance of this type is used for issuer certificate validation. |

Child Elements

None

Parent Elements

| Element | Description |
| --- | --- |
| <add> [securityTokenHandlers] | Adds the specified security token handler to the token handler collection. |

Example

    <add type="System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel">
        <x509SecurityTokenHandlerRequirement mapToWindows="true"
                                             certificateValidationMode="PeerOrChainTrust"
                                             revocationMode="Online"
                                             trustedStoreLocation="LocalMachine" />
    </add>
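A configuration check built on the attribute table above, added here as an example and not part of the original documentation. It resolves the effective settings of each `<x509SecurityTokenHandlerRequirement>` by applying the documented defaults, then flags the values that switch certificate validation or revocation checking off. The function names `audit` and `sample`, the case-insensitive comparison, and the sample configurations are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Defaults taken from the attribute table on this page.
DEFAULTS = {
    "mapToWindows": "false",
    "certificateValidationMode": "PeerOrChainTrust",
    "revocationMode": "Online",
    "trustedStoreLocation": "LocalMachine",
}

def audit(config_xml):
    """Return [(handler type, effective settings, findings)] for every
    <x509SecurityTokenHandlerRequirement> found under an <add> element."""
    results = []
    for add in ET.fromstring(config_xml).iter("add"):
        req = add.find("x509SecurityTokenHandlerRequirement")
        if req is None:
            continue
        eff = {**DEFAULTS, **req.attrib}  # explicit attributes override defaults
        mode = eff["certificateValidationMode"].lower()
        findings = []
        if mode == "none":
            findings.append("certificateValidationMode=None: certificate is not validated")
        if mode == "custom" and not eff.get("certificateValidator"):
            findings.append("certificateValidationMode=Custom without certificateValidator")
        if eff["revocationMode"].lower() == "nocheck":
            findings.append("revocationMode=NoCheck: revocation status is not checked")
        results.append((add.get("type", ""), eff, findings))
    return results

def sample(attrs):
    """Build a constructed configuration file around the given attributes."""
    handler = "System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel"
    return f"""<configuration><system.identityModel><identityConfiguration>
      <securityTokenHandlers><add type="{handler}">
        <x509SecurityTokenHandlerRequirement {attrs} />
      </add></securityTokenHandlers>
    </identityConfiguration></system.identityModel></configuration>"""

# Constructed sample: validation and revocation checking both switched off.
WEAK = sample('certificateValidationMode="None" revocationMode="NoCheck"')
# Constructed sample: only mapToWindows is set, so the documented defaults apply.
DEFAULTED = sample('mapToWindows="true"')

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("DEFAULTED", DEFAULTED)):
        for handler, eff, findings in audit(cfg):
            print(name, eff["certificateValidationMode"], eff["revocationMode"], findings or "ok")
```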
© 2015 Microsoft