<messageSenderAuthentication>
Specifies authentication settings for the peer certificate used by a message sender.
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <peer>
              <messageSenderAuthentication>
Syntax
<messageSenderAuthentication customCertificateValidatorType="namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
certificateValidationMode="ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom"
revocationMode="NoCheck/Online/Offline"
trustedStoreLocation="CurrentUser/LocalMachine" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
certificateValidationMode | Optional enumeration. Specifies one of five modes used to validate credentials. This attribute is of type X509CertificateValidationMode. If set to Custom, then a customCertificateValidatorType must also be supplied. |
customCertificateValidatorType | Optional string. Specifies a type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom. This attribute is of type X509CertificateValidator. Windows Communication Foundation (WCF) provides a default peer certificate validator that verifies the peer certificate against the trusted people store. It also verifies that the certificate chains up to a valid root. You can implement a custom validator to specify a different behavior and use this attribute to point to the custom validator. |
revocationMode | Optional enumeration. Specifies the certificate revocation mode. This attribute is of type X509RevocationMode. The system verifies that the peer certificate has not been revoked by looking it up in the revoked certificate list. This check can be performed either online or against a cached revocation list. Revocation checking can be turned off by setting this attribute to NoCheck. |
trustedStoreLocation | Optional enumeration. Specifies the trusted store location where the peer certificate is validated by the WCF security system. This attribute is of type StoreLocation. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
<peer> | Specifies the current credentials for a peer node. |
Remarks
This element must be configured if message authentication is chosen. For output channels, each message is signed using the certificate provided by <certificate>. Before being delivered to the application, every message is checked against the message credential using the validator specified by the customCertificateValidatorType attribute of this element. The validator can either accept or reject the credential.
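The attribute combinations described above, shown side by side as an added configuration example that is not part of the original page. The behavior names, the certificate subject, and the validator type and assembly names are placeholders chosen for illustration.

```xml
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <!-- Weak: no validation of the sender certificate, no revocation lookup. -->
        <behavior name="peerWeak">
          <serviceCredentials>
            <peer>
              <messageSenderAuthentication certificateValidationMode="None"
                                           revocationMode="NoCheck" />
            </peer>
          </serviceCredentials>
        </behavior>
        <!-- Corrected: sender certificate must be in the trusted people store or
             chain to a valid root, and is looked up in the revocation list online. -->
        <behavior name="peerValidated">
          <serviceCredentials>
            <peer>
              <!-- Certificate used to sign outgoing messages (placeholder subject). -->
              <certificate findValue="CN=peer-node-placeholder"
                           storeLocation="LocalMachine" storeName="My"
                           x509FindType="FindBySubjectDistinguishedName" />
              <messageSenderAuthentication certificateValidationMode="PeerOrChainTrust"
                                           revocationMode="Online"
                                           trustedStoreLocation="LocalMachine" />
            </peer>
          </serviceCredentials>
        </behavior>
        <!-- Custom: customCertificateValidatorType is mandatory in this mode; the
             named X509CertificateValidator (hypothetical type) accepts or rejects. -->
        <behavior name="peerCustom">
          <serviceCredentials>
            <peer>
              <messageSenderAuthentication certificateValidationMode="Custom"
                  customCertificateValidatorType="Contoso.Peer.SenderValidator, Contoso.Peer" />
            </peer>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

When reviewing a deployed configuration, a certificateValidationMode of None or a revocationMode of NoCheck on this element is the setting to flag.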