IssuedTokenServiceCredential.CustomCertificateValidator Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Gets or sets a custom X.509 certificate validator.

Namespace:   System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public X509CertificateValidator CustomCertificateValidator { get; set; }

Property Value

Type: System.IdentityModel.Selectors.X509CertificateValidator

A custom X.509 certificate validator.

The following code shows one way to access and set this property.

serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator =
    new MyX509CertificateValidator("");

The custom validator referenced in the prior code is defined in the following code.

public class MyX509CertificateValidator : X509CertificateValidator
    string allowedIssuerName;

    public MyX509CertificateValidator(string allowedIssuerName)
        if (allowedIssuerName == null)
            throw new ArgumentNullException("allowedIssuerName");

        this.allowedIssuerName = allowedIssuerName;

    public override void Validate(X509Certificate2 certificate)
        // Check that there is a certificate.
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // Check that the certificate issuer matches the configured issuer.
        if (allowedIssuerName != certificate.IssuerName.Name)
            throw new SecurityTokenValidationException
              ("Certificate was not issued by a trusted issuer");

.NET Framework
Available since 3.0
Return to top