Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

X509ClientCertificateAuthentication.MapClientCertificateToWindowsAccount Property

Gets or sets a value that indicates whether the certificate is mapped to Windows accounts.

Namespace:  System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public bool MapClientCertificateToWindowsAccount { get; set; }

Property Value

Type: System.Boolean
true if the certificate is mapped to Windows accounts; otherwise, false. The default is false.

ExceptionCondition
InvalidOperationException

set when credential is read-only.

When using the certificate client credential type on bindings, the certificate is not mapped to Windows accounts. You can override this behavior using this property. When this property is set to true, it causes the identity from the client certificate to be mapped to a Windows account.

The following code shows how to set this property.

// Create a service host.
Uri httpUri = new Uri("http://localhost/Calculator");
ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);

// Create a binding that uses Windows security.
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

// Get a reference to the authentication object.
X509ClientCertificateAuthentication myAuthProperties =
    sh.Credentials.ClientCertificate.Authentication;
// Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = true;

The property can also be set in a configuration file.

<serviceCredentials>
  <clientCertificate>
     <authentication mapClientCertificateToWindowsAccount='true'/>
  </clientCertificate>
</serviceCredentials>

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
Show:
© 2015 Microsoft