Certificate Claims

How do I examine the properties of the SSL certificate that was used for an HTTPS operation?

When a caller presents security information to the server, the caller is making a number of claims. Each claim is a piece of information that we want to later associate with the caller. Related claims are then typically bundled into a claim set that presents numerous pieces of information about a particular topic for an entity in the system.

As examples of pieces of information for an SSL certificate, think of things such as the certificate hash, the subject name, or the public key of the certificate. Each of these pieces of information is a claim about an SSL certificate. The set of claims related to a particular certificate form an X509CertificateClaimSet.

When an operation is invoked, the various sets of claims made for the operation are a part of the ServiceSecurityContext. You can access these through ServiceSecurityContext.Current.AuthorizationContext.ClaimSets. If a certificate claim set was presented for the operation, then it will be in this collection and all of the known properties about the certificate will be claims within that claim set.