Partilhar via


<peerAuthentication> Element

Specifies authentication options for peer-to-peer clients.

For more information about peer-to-peer programming, see Peer to Peer Networking.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior> of <endpointBehaviors>
        <clientCredentials>
          <peer> of <clientCredentials> Element
            <peerAuthentication> Element

Syntax

<peerAuthentication
customCertificateValidatorType = "namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
certificateValidationMode = "ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom"
revocationMode="NoCheck/Online/Offline"
trustedStoreLocation="CurrentUser/LocalMachine" 
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

Attribute Description

customCertificateValidatorType

Optional string. A type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom.

certifcateValidationMode

Optional enumeration. Specifies one of three modes used to validate credentials. If set to Custom, then a customCertificateValidator must also be supplied. The default is ChainTrust.

revocationMode

Optional enumeration. One of the modes used to check for a revoked certificate lists (CRL). The default is Online.

trustedStoreLocation

Optional enumeration. One of the two system store locations: LocalMachine or CurrentUser. This value is used when a service certificate is negotiated to the client. Validation is performed against the Trusted People store in the specified store location. The default is CurrentUser.

Child Elements

None.

Parent Elements

Element Description

<peer> of <clientCredentials> Element

Specifies a credential used for authenticating the client to a peer service.

Remarks

The <authentication> element corresponds to the X509PeerCertificateAuthentication class. This element specifies a validator, which is invoked during neighbor-to-neighbor authentication in the mesh. When a new peer tries to establish a neighbor connection, it passes its own credential to the responding peer. The validator of the responder is invoked to verify the credential of the remote party. Whenever a peer connection is established in the mesh, both peers are mutually authenticated, meaning validators on both ends are invoked.

Example

The following code sets the certificate validation mode to PeerOrChainTrust.

<behaviors>
 <endpointBehaviors>
  <behavior name="MyEndpointBehavior">
   <clientCredentials>
    <peer>
     <certificate findValue="www.contoso.com" 
                   storeLocation="LocalMachine"
                   x509FindType="FindByIssuerName" />
     <peerAuthentication 
          certificateValidationMode="PeerOrChainTrust" />
     <messageSenderAuthentication certificateValidationMode="None" />
    </peer>
   </clientCredentials>
  </behavior>
</endpointBehaviors>

See Also

Reference

PeerCredentialElement
X509PeerCertificateAuthentication
PeerAuthentication
PeerAuthentication
X509PeerCertificateAuthenticationElement

Other Resources

Working with Certificates
Peer to Peer Networking
Peer Channel Message Authentication
Peer Channel Custom Authentication
Best Practices for Securing PeerChannel Applications