X509SecurityTokenAuthenticator Constructors
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Initializes a new instance of the X509SecurityTokenAuthenticator class.
Overloads
| X509SecurityTokenAuthenticator() |
Initializes a new instance of the X509SecurityTokenAuthenticator class. |
| X509SecurityTokenAuthenticator(X509CertificateValidator) |
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validator. |
| X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean) |
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity. |
| X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean, Boolean) |
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to. |
X509SecurityTokenAuthenticator()
Initializes a new instance of the X509SecurityTokenAuthenticator class.
public:
X509SecurityTokenAuthenticator();public X509SecurityTokenAuthenticator ();Public Sub New ()Remarks
When the ValidateTokenCore method is called to authenticate the token, the X.509 certificate is not mapped to a Windows identity and the certificate is validated using a certificate chain.
Applies to
X509SecurityTokenAuthenticator(X509CertificateValidator)
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validator.
public:
X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator);public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator);new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticatorPublic Sub New (validator As X509CertificateValidator)Parameters
- validator
- X509CertificateValidator
A X509CertificateValidator that verifies that the certificate is valid.
Remarks
The X509CertificateValidator class provides a set of pre-defined certificate validation models, such as the ChainTrust property. These validation models can be passed to the validator parameter. When an application requires a custom validation method, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.
By default, the X509SecurityTokenAuthenticator does not map the X.509 certificate to a Windows identity.
Applies to
X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean)
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity.
public:
X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator, bool mapToWindows);public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator, bool mapToWindows);new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator * bool -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticatorPublic Sub New (validator As X509CertificateValidator, mapToWindows As Boolean)Parameters
- validator
- X509CertificateValidator
A X509CertificateValidator that verifies that the certificate is valid.
- mapToWindows
- Boolean
true to map the identity of the certificate to a Windows identity; otherwise, false.
Remarks
The X509CertificateValidator class provides a set of pre-defined certificate validation models, such as the ChainTrust property. These validation models can be passed to the validator parameter. When an application requires a custom validation method, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.
When the ValidateTokenCore method is called to authenticate the token and mapToWindows is true, the X.509 certificate is mapped to a Windows account and claims are added to the EvaluationContext with the Windows groups that the user belongs to. How the X.509 certificate is mapped to a Windows account depends upon the security token type:
When the security token is of type X509WindowsSecurityToken, the X.509 certificate is mapped using the WindowsIdentity property.
When the security token is of type
X509SecurityToken, the X.509 certificate is mapped to a Windows account using its user principal name (UPN).
Applies to
X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean, Boolean)
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.
public:
X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator, bool mapToWindows, bool includeWindowsGroups);public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups);new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator * bool * bool -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticatorPublic Sub New (validator As X509CertificateValidator, mapToWindows As Boolean, includeWindowsGroups As Boolean)Parameters
- validator
- X509CertificateValidator
A X509CertificateValidator that verifies that the certificate is valid.
- mapToWindows
- Boolean
true to map the identity of the certificate to a Windows identity; otherwise, false.
- includeWindowsGroups
- Boolean
true to include the groups the Windows user belongs to in the ClaimSets property that is constructed throughout the authentication process; otherwise, false.
Remarks
Pass false to the includeWindowsGroups parameter when the Windows group information is not required to improve performance.
The X509CertificateValidator class has several static properties, such as the ChainTrust property that can be passed to the validator parameter. These properties provide common validation methods for X.509 certificates. When a custom validation method is required, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.
When true is passed into the mapToWindows parameter, the X.509 certificate is mapped to a Windows account and relevant claims are added to the EvaluationContext, such as the Windows groups that the user belongs to. When the security token is of type X509WindowsSecurityToken, the WindowsIdentity property is using the identity that is specified in the token; otherwise, the X.509 certificate is mapped to a Windows identity using a Kerberos S4U logon based on the user principal name SubjectAltNames extension of the X.509 certificate.
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for