X509ClientCertificateAuthentication.IncludeWindowsGroups Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Gets or sets a value that indicates whether Windows groups are included in the authorization context.

Namespace:   System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public bool IncludeWindowsGroups { get; set; }

Property Value

Type: System.Boolean

true if Windows groups are included in the authorization context; otherwise, false. The default is true.

This property is valid only when the MapClientCertificateToWindowsAccount property is set to true.

Set this property to false only if you do not need to establish the list of groups a user belongs to - this may result in a performance benefit if your application and authorization decisions do not require Windows groups.

The following code shows how to set this property.

// Create a service host.
Uri httpUri = new Uri("http://localhost/Calculator");
ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);
// Create a binding that uses a certificate.
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType = 

// Get a reference to the authentication object.
X509ClientCertificateAuthentication myAuthProperties =
// Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = true;

The property can also be set in a configuration file.

     <authentication includeWindowsGroups ='true'/>

.NET Framework
Available since 3.0
Return to top