This documentation is archived and is not being maintained.

X509SecurityTokenAuthenticator Constructor (X509CertificateValidator, Boolean, Boolean)

Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.

Namespace:  System.IdentityModel.Selectors
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public:
X509SecurityTokenAuthenticator(
	X509CertificateValidator^ validator, 
	bool mapToWindows, 
	bool includeWindowsGroups
)

Parameters

validator
Type: System.IdentityModel.Selectors::X509CertificateValidator
An X509CertificateValidator that verifies that the certificate is valid.
mapToWindows
Type: System::Boolean
true to map the identity of the certificate to a Windows identity; otherwise, false.
includeWindowsGroups
Type: System::Boolean
true to include the groups the Windows user belongs to in the ClaimSets property that is constructed throughout the authentication process; otherwise, false.

To improve performance, pass false to the includeWindowsGroups parameter when the Windows group information is not required.

The X509CertificateValidator class has several static properties, such as the ChainTrust property that can be passed to the validator parameter. These properties provide common validation methods for X.509 certificates. When a custom validation method is required, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.

When true is passed to the mapToWindows parameter, the X.509 certificate is mapped to a Windows account and relevant claims, such as the Windows groups that the user belongs to, are added to the EvaluationContext. When the security token is of type X509WindowsSecurityToken, the WindowsIdentity property uses the identity that is specified in the token; otherwise, the X.509 certificate is mapped to a Windows identity using a Kerberos S4U logon based on the user principal name in the SubjectAltNames extension of the X.509 certificate.
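
The following C# sketch is an added example, not part of the original documentation. It shows the custom-validator pattern described above: a class derived from X509CertificateValidator that reuses ChainTrust and then fails closed unless the direct issuer is on an allow-list, passed to this constructor with Windows mapping disabled. The names PinnedIssuerValidator and CertificateAuthentication and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Hypothetical validator: built-in chain trust plus an allow-list of issuing-CA thumbprints.
public sealed class PinnedIssuerValidator : X509CertificateValidator
{
    private readonly HashSet<string> allowedIssuers;

    public PinnedIssuerValidator(IEnumerable<string> issuerThumbprints)
    {
        allowedIssuers = new HashSet<string>(issuerThumbprints, StringComparer.OrdinalIgnoreCase);
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        // Reuse the built-in chain validation first; it throws if the chain is not trusted.
        X509CertificateValidator.ChainTrust.Validate(certificate);

        // Then require a direct issuer we expect. Self-signed certificates have only
        // one chain element and are rejected here.
        var chain = new X509Chain();
        if (!chain.Build(certificate) || chain.ChainElements.Count < 2 ||
            !allowedIssuers.Contains(chain.ChainElements[1].Certificate.Thumbprint))
            throw new SecurityTokenValidationException("Certificate issuer is not on the allow-list.");
    }
}

public static class CertificateAuthentication
{
    public static ReadOnlyCollection<IAuthorizationPolicy> Authenticate(X509Certificate2 clientCert)
    {
        // Placeholder value; replace with the thumbprint of your issuing CA.
        var validator = new PinnedIssuerValidator(new[] { "<ISSUING-CA-THUMBPRINT>" });
        // mapToWindows = false: the certificate is not mapped to a Windows account.
        // includeWindowsGroups = false: Windows group claims are not requested.
        var authenticator = new X509SecurityTokenAuthenticator(validator, false, false);
        // ValidateToken runs the validator; a rejected certificate surfaces as an exception.
        return authenticator.ValidateToken(new X509SecurityToken(clientCert));
    }
}
```

If mapToWindows is set to true instead, the Windows account is chosen from the user principal name in the certificate, so the validator should accept only issuers that are trusted to assert that name.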

.NET Framework

Supported in: 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.