CertificateDescription Class

Definition

Description of a certificate.

public class CertificateDescription : Microsoft.Identity.Abstractions.CredentialDescription
type CertificateDescription = class
    inherit CredentialDescription
Public Class CertificateDescription
Inherits CredentialDescription
Inheritance
CertificateDescription

Constructors

CertificateDescription()

Default constructor.

CertificateDescription(CredentialDescription)

Creates a certificate description from a credential description.

Properties

Base64EncodedValue

When SourceType is Base64Encoded, specifies the base64 encoded value of the certificate.

(Inherited from CredentialDescription)
CachedValue

When the credential is retrieved by a ICredentialsLoader, it will be stored in this property, where you can retrieve it. If the credential is a certificate, it will also be stored in the Certificate property.

(Inherited from CredentialDescription)
Certificate

.

CertificateDiskPath

When SourceType is Path, specifies the path to the certificate on disk. You can use this property to specify the path to a PFX file containing the certificate and its private key. If a password is needed, use CertificatePassword.

(Inherited from CredentialDescription)
CertificateDistinguishedName

When SourceType is StoreWithDistinguishedName, specifies the distinguished name of the certificate in the store specified by CertificateStorePath.

(Inherited from CredentialDescription)
CertificatePassword

When SourceType is Path, specifies the password to use to access the certificate which path is specified by CertificateDiskPath. Only use this property if the certificate is protected by a password.

(Inherited from CredentialDescription)
CertificateStorePath

When SourceType is StoreWithDistinguishedName or StoreWithThumbprint, specifies the certificate store from which to extract the certificate. The format is the concatenation of a value of StoreLocation and a value of StoreName separated by a slash. For instance, use CurrentUser/My for a user certificate, and LocalMachine/My for a computer certificate.

(Inherited from CredentialDescription)
CertificateThumbprint

When SourceType is StoreWithThumbprint specifies the thumbprint of the certificate to extract from the certificate store specified by CertificateStorePath.

(Inherited from CredentialDescription)
ClientSecret

When SourceType is ClientSecret, describes the client secret to use as a client credential in a confidential client application. The client secret is a string known only to the application and the identity provider. It needs to match the value configured during the application registration.

(Inherited from CredentialDescription)
Container

Container in which to find the credential. You will normally not use this property directly. It could be used by property editors in tools or IDEs. Instead, use the properties that are specific to the SourceType.

(Inherited from CredentialDescription)
CredentialType

Describes the type of credentials, based on the SourceType.

(Inherited from CredentialDescription)
DecryptKeysAuthenticationOptions

When SourceType is AutoDecryptKeys, this property describes the authority to use to get a token for a web API to get the keys used to decrypt an encrypted token. The cloud instance will be the same as the application, but the application can be a multi-tenant application (tenant = common or organizations), and in this case to get a token on behalf of itself, the credential type needs to provide a tenant. More generally you might want to specify authentication options, including protocol, PopKey, etc ... This credential description is only used for decrypt credentials, not for client credentials.

(Inherited from CredentialDescription)
Id

Gets a unique identifier for a CredentialDescription based on SourceType and ReferenceOrValue.

(Inherited from CredentialDescription)
KeyVaultCertificateName

When SourceType is KeyVault, use this property to specify the the name of the certificate in Key Vault in conjunction with KeyVaultUrl.

(Inherited from CredentialDescription)
KeyVaultUrl

When SourceType is KeyVault, use this property to specify the URL of the Key Vault containing the certificate, in conjunction with KeyVaultCertificateName.

(Inherited from CredentialDescription)
ManagedIdentityClientId

When SourceType is SignedAssertionFromManagedIdentity, it specifies the client ID of the Azure user-assigned managed identity used to provide a signed assertion to act as a client credential for the application. This requires that the application is deployed on Azure, that the managed identity is configured, and that workload identity federation with the managed identity is declared in the application registration. For details, see https://learn.microsoft.com/azure/active-directory/workload-identities/workload-identity-federation.

(Inherited from CredentialDescription)
ReferenceOrValue

Reference to the certificate or value. You will normally not use this property directly. It could be used by property editors in tools or IDEs. Instead, use the properties that are specific to the SourceType.

(Inherited from CredentialDescription)
SignedAssertionFileDiskPath

When SourceType is SignedAssertionFilePath, optionally specifies the path on disk of a file containing a signed assertion used as a client assertion for the confidential client application. The signed assertion file is a file containing a signed JWT assertion that is used as a client credential. You will usually use this option when you want to integrate with workload identity federation with Azure Kubernetes Service (AKS). For details, see https://learn.microsoft.com/azure/active-directory/workload-identities/workload-identity-federation.

(Inherited from CredentialDescription)
Skip

Skip this credential description. This is useful when, you specify a list of credentials, some of which don't apply in a particular deployment. It will also be used by the ICredentialsLoader if it cannot find or load the credential.

(Inherited from CredentialDescription)
SourceType

.

TokenExchangeUrl

(Microsoft Entra specific) Value that can be used to configure the token exchange resource url in the case of federation identity credentials with Managed identity.

(Inherited from CredentialDescription)
X509KeyStorageFlags

Defines where and how to import the private key of an X.509 certificate.

Methods

FromBase64Encoded(String, String)

Creates a certificate description from a Base64 encoded value.

FromBase64Encoded(String)

Creates a certificate description from a Base64 encoded value.

FromCertificate(X509Certificate2)

Creates a certificate description from a certificate (by code).

FromKeyVault(String, String)

Creates a certificate description from Key Vault.

FromPath(String, String)

Creates a certificate description from path on disk.

FromStoreWithDistinguishedName(String, StoreLocation, StoreName)

Creates a certificate description from a certificate distinguished name (such as CN=name) and store location (Certificate Manager on Windows, for instance).

FromStoreWithThumbprint(String, StoreLocation, StoreName)

Creates a certificate description from a thumbprint and store location (Certificate Manager on Windows, for instance).

Applies to