Share via

<x509SecurityTokenHandlerRequirement>

  • Article

Provides optional configuration for the X509SecurityTokenHandler class or derived classes.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <add>
          <x509SecurityTokenHandlerRequirement>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <add type="System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel">  
        <x509SecurityTokenHandlerRequirement>  
          mapToWindows=xs:boolean  
          certificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"  
          certificateValidator="Namespace.Class, Assembly"  
          revocationMode="NoCheck||Offline||Online"  
          trustedStoreLocation="CurrentUser||LocalMachine"  
        </x509SecurityTokenHandlerRequirement>  
      </add>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
certificateValidationMode An X509CertificateValidationMode value that specifies the validation mode to use for the X.509 certificate. The default value is "PeerOrChainTrust".
mapToWindows Specifies whether the token handler should map the validating token to a Windows account by using the incoming UPN claim. The default is "false".
revocationMode An X509RevocationMode value that specifies the revocation mode to use for the X.509 certificate. The default value is "Online".
trustedStoreLocation A StoreLocation value that specifies the X.509 certificate store. The default value is "LocalMachine".
certificateValidator A custom type that derives from X509CertificateValidator. If the certificateValidationMode attribute is "Custom", an instance of this type is used for issuer certificate validation.

Child Elements

None

Parent Elements

Element Description
<add> Adds the specified security token handler to the token handler collection.

Example

<add type="System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel">  
    <x509SecurityTokenHandlerRequirement mapToWindows="true"
                                         certificateValidationMode="PeerOrChainTrust"
                                         revocationMode="Online"
                                         trustedStoreLocation="LocalMachine" />  
</add>