This documentation is archived and is not being maintained.

ServiceSecurityContext.PrimaryIdentity Property

Gets the primary identity associated with the current setting.

Namespace:  System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public IIdentity PrimaryIdentity { get; }

Property Value

Type: System.Security.Principal.IIdentity
An IIdentity associated with the current setting.

The primary identity is obtained from the credentials used to authenticate the current user. If the credential is an X.509 certificate, the identity is a concatenation of the subject name and the thumbprint (in that order). The subject name is separated from the thumbprint with a semicolon and a space. If the subject field of the certificate is null, the primary identity includes just a semicolon, a space, and the thumbprint.

When a duplex message exchange pattern is used with Kerberos direct authentication, this property becomes empty on the callback and the claimset is also empty. This does not happen when SspiNegotiated is used instead of Kerberos.

The Kerberos Requester Token is used only on the client to represent the service. The authorization policy that it generates contains a single claim, an SPN, and therefore carries no identity. In most cases this causes no problem, because ServiceSecurityContext is not used on the client. In a duplex scenario, however, if the callback inspects this property, it gets an anonymous identity.

For an example of using the PrimaryIdentity property to authorize a client using a certificate, see How To: Examine the Security Context.
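The following is an added example, not code from the original documentation. It parses the "subject; thumbprint" name format described above and authorizes on the thumbprint, covering the null-subject case and the empty identity seen on a duplex Kerberos callback. The class and method names, the allow-list, and the sample identities are constructed for illustration; in a service, the identity would come from ServiceSecurityContext.Current.PrimaryIdentity.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class CertificateIdentityCheck   // hypothetical helper, not a WCF type
{
    // Splits "<subject>; <thumbprint>" on the LAST "; ", because a subject
    // name may itself contain that sequence; a hex thumbprint never does.
    public static bool TryParse(string name, out string subject, out string thumbprint)
    {
        subject = null;
        thumbprint = null;
        if (string.IsNullOrEmpty(name)) return false;    // anonymous or empty identity
        int sep = name.LastIndexOf("; ", StringComparison.Ordinal);
        if (sep < 0) return false;                       // not a certificate identity
        string tail = name.Substring(sep + 2);
        if (tail.Length != 40) return false;             // SHA-1 thumbprint: 40 hex chars
        foreach (char c in tail)
            if (!Uri.IsHexDigit(c)) return false;
        subject = name.Substring(0, sep);                // "" when the subject was null
        thumbprint = tail.ToUpperInvariant();
        return true;
    }

    // Decides on the thumbprint only; the subject text is informational.
    public static bool IsAllowed(IIdentity identity, ICollection<string> allowed)
    {
        string subject, thumbprint;
        return identity != null
            && identity.IsAuthenticated
            && TryParse(identity.Name, out subject, out thumbprint)
            && allowed.Contains(thumbprint);
    }

    static void Main()
    {
        // Constructed sample values, not real certificates.
        const string tp = "0123456789ABCDEF0123456789ABCDEF01234567";
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { tp };
        IIdentity[] samples =
        {
            new GenericIdentity("CN=client.example; O=Example; " + tp, "X509"),
            new GenericIdentity("; " + tp, "X509"),      // certificate with null subject
            new GenericIdentity("CN=other; FEDCBA9876543210FEDCBA9876543210FEDCBA98", "X509"),
            new GenericIdentity("", ""),                 // empty identity on a duplex callback
        };
        foreach (IIdentity id in samples)
            Console.WriteLine("'{0}' -> {1}", id.Name, IsAllowed(id, allowed));
    }
}
```

The first two samples are allowed, the third is rejected because its thumbprint is not in the allow-list, and the empty identity is rejected before any parsing takes place.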

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0