Share via

<add> of <scopedCertificates> Element

  • Article

Adds an X.509 certificate to the collection of scoped certificates.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior> of <endpointBehaviors>
        <clientCredentials>
          <serviceCertificate> of <serviceCredentials>
            <scopedCertificates> Element
              <add> of <scopedCertificates> Element

Syntax

<add findValue="String"
          storeLocation="CurrentUser/LocalMachine"
          storeName=" CurrentUser/LocalMachine"
          targetUri="string"
         x509Type="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindBySerialNumber/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier" 
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

Attribute Description

targetUri

String. Specifies the URI of the service associated with the certificate.

findValue

String. The value to search for.

x509FindType

Enumeration. One of the certificate fields to search.

storeLocation

Enumeration. One of the two store locations to search.

storeName

Enumeration. One of the system stores to search.

Child Elements

None.

Parent Elements

Element Description

<scopedCertificates> Element

Represents a collection of X.509 certificates provided by specific services (scoped) for authentication.

Remarks

This element enables the client to configure a service certificate to use based on the URL of the service it communicates with. This is especially useful in issued token scenarios where a client can be communicating to multiple services (the end service as well as intermediary security token services). For bindings that use certificate-based message security, this certificate is used to encrypt messages to the service, and is expected to be used by the service for signing replies to the client.

If a binding requires a certificate for the service and no specific certificate for the service URL is found in the ScopedCertificates, the default certificate is used.

For more information, see the "Scoped Certificates" section of How To: Create a Federated Client.

Example

The following example adds an X.509 certificate the collection.

<behaviors>
 <endpointBehaviors>
  <behavior name="MyEndpointBehavior">
   <clientCredentials>
    <serviceCertificate>
     <scopedCertificates>
      <add targetUri="https://www.contoso.com" 
       findValue="www.Contoso.com" 
       storeLocation="LocalMachine"
       storeName="Root" 
       x509FindType="FindByIssuerName" />
     </scopedCertificates>
    </serviceCertificate>
   </clientCredentials>
  </behavior>
 </endpointBehaviors>
</behaviors>

See Also

Reference

ScopedCertificates
X509ScopedServiceCertificateElementCollection
X509ScopedServiceCertificateElement
X509CertificateRecipientClientCredential
ScopedCertificates

Other Resources

How To: Create a Federated Client
Working with Certificates
Securing Clients
Securing Services and Clients