Partilhar via


<clientCertificate> of <clientCredentials> Element

Defines an X.509 certificate used to authenticate a client to a service.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior> of <endpointBehaviors>
        <clientCredentials>
          <clientCertificate> of <clientCredentials> Element

Syntax

<clientCertificate findValue="String" 
    storeLocation="LocalMachine/CurrentUser"
    storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
X509FindType="FindByThumbPrint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier"
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

Attribute Description

findValue

A string that contains the value to search for in the X.509 certificate store. The type contained in the attribute must satisfy the requirements of the X509FindType attribute value. The default is an empty string.

storeLocation

Specifies the location of the X.509 certificate that the client uses to authenticate itself to the service. Valid values include the following:

  • LocalMachine: the certificate store assigned to the local machine.

  • CurrentUser: the certificate store assigned to the current user.

The default is LocalMachine. This attribute is of type StoreLocation.

storeName

Specifies the name of the X.509 certificate store to search. Valid values include the following:

  • AddressBook: Certificate store for other users.

  • AuthRoot: Certificate store for third-party certificate authorities (CAs).

  • CertificateAuthority: Certificate store for intermediate certificate authorities (CAs).

  • Disallowed: Certificate store for revoked certificates.

  • My: Certificate store for personal certificates.

  • Root: Certificate store for trusted root certificate authorities (CAs).

  • TrustedPeople: Certificate store for directly trusted people and resources.

  • TrustedPublisher: Certificate store for directly trusted publishers.

The default is My. This attribute is of type StoreName.

X509FindType

Defines the type of X.509 search to be executed. The type contained in the findValue attribute must satisfy the requirements of this attribute. Valid values include the following:

  • FindByThumbPrint

  • FindBySubjectName

  • FindBySubjectDistinguishedName

  • FindByIssuerName

  • FindByIssuerDistinguishedName

  • FindBySerialNumber

  • FindByTimeValid

  • FindByTimeNotYetValid

  • FindByTemplateName

  • FindByApplicationPolicy

  • FindByCertificatePolicy

  • FindByExtension

  • FindByKeyUsage

  • FindBySubjectKeyIdentifier

The default value is FindBySubjectDistinguishedName. This attribute is of type X509FindType.

Child Elements

None.

Parent Elements

Element Description

<clientCredentials>

Specifies the credentials used to authenticate the client to a service.

Remarks

This configuration element specifies the certificate used to authenticate the client with this element. For more information, see How to: Specify Client Credential Values.

See Also

Reference

ClientCredentialsElement
ClientCertificate
ClientCredentials
ClientCertificate
X509InitiatorCertificateServiceElement
X509CertificateInitiatorClientCredential

Other Resources

Security Behaviors in WCF
How to: Specify Client Credential Values
Securing Clients
Working with Certificates
Securing Services and Clients