X509ClientCertificateAuthentication.MapClientCertificateToWindowsAccount Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Gets or sets a value that indicates whether the certificate is mapped to Windows accounts.

Namespace:   System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

Public Property MapClientCertificateToWindowsAccount As Boolean

Property Value

Type: System.Boolean

true if the certificate is mapped to Windows accounts; otherwise, false. The default is false.

Exception Condition

set when credential is read-only.

When using the certificate client credential type on bindings, the certificate is not mapped to Windows accounts. You can override this behavior using this property. When this property is set to true, it causes the identity from the client certificate to be mapped to a Windows account.

The following code shows how to set this property.

' Create a service host.
Dim httpUri As New Uri("http://localhost/Calculator")
Dim sh As New ServiceHost(GetType(Calculator), httpUri)

' Create a binding that uses Windows security.
Dim b As New WSHttpBinding(SecurityMode.Message)
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows

' Get a reference to the authentication object.
Dim myAuthProperties As X509ClientCertificateAuthentication = _
' Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = True

The property can also be set in a configuration file.

     <authentication mapClientCertificateToWindowsAccount='true'/>

.NET Framework
Available since 3.0
Return to top