X509CertificateValidator Class

Definition

Validates an X.509 certificate.

public ref class X509CertificateValidator abstract
public ref class X509CertificateValidator abstract : System::IdentityModel::Configuration::ICustomIdentityConfiguration
public abstract class X509CertificateValidator
public abstract class X509CertificateValidator : System.IdentityModel.Configuration.ICustomIdentityConfiguration
type X509CertificateValidator = class
type X509CertificateValidator = class
    interface ICustomIdentityConfiguration
Public MustInherit Class X509CertificateValidator
Public MustInherit Class X509CertificateValidator
Implements ICustomIdentityConfiguration
Inheritance
X509CertificateValidator
Derived
Implements

Examples

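using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class MyX509CertificateValidator : X509CertificateValidator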
{
    string allowedIssuerName;
    public MyX509CertificateValidator(string allowedIssuerName)
    {
        if (allowedIssuerName == null)
        {
            throw new ArgumentNullException("allowedIssuerName");
        }

        this.allowedIssuerName = allowedIssuerName;
    }
    public override void Validate(X509Certificate2 certificate)
    {
        // Check that there is a certificate.
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        // Check that the certificate issuer matches the configured issuer
        if (allowedIssuerName != certificate.IssuerName.Name)
        {
            throw new SecurityTokenValidationException
              ("Certificate was not issued by a trusted issuer");
        }
    }
}

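Imports System
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Imports System.Security.Cryptography.X509Certificates

Public Class MyX509CertificateValidator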
    Inherits X509CertificateValidator
    Private allowedIssuerName As String

    Public Sub New(ByVal allowedIssuerName As String)
        If allowedIssuerName Is Nothing Then
            Throw New ArgumentNullException("allowedIssuerName")
        End If

        Me.allowedIssuerName = allowedIssuerName

    End Sub

    Public Overrides Sub Validate(ByVal certificate As X509Certificate2)
        ' Check that there is a certificate.
        If certificate Is Nothing Then
            Throw New ArgumentNullException("certificate")
        End If

        ' Check that the certificate issuer matches the configured issuer
        If allowedIssuerName <> certificate.IssuerName.Name Then
            Throw New SecurityTokenValidationException("Certificate was not issued by a trusted issuer")
        End If

    End Sub
End Class

Remarks

Use the X509CertificateValidator class to specify how an X.509 certificate is deemed valid. To do this, derive a class from X509CertificateValidator and override the Validate method.

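Constructors

X509CertificateValidator()

Initializes a new instance of the X509CertificateValidator class.

Properties

ChainTrust

Gets a validator that validates the X.509 certificate by using a trust chain.

None

Gets a validator that performs no validation on the X.509 certificate. As a result, the X.509 certificate is always considered valid.

PeerOrChainTrust

Gets a validator that validates the certificate either by verifying that it is in the TrustedPeople certificate store or by building a trust chain for it. The certificate is trusted if it passes either validation method.

PeerTrust

Gets a validator that verifies that the certificate is in the TrustedPeople certificate store.

Methods

CreateChainTrustValidator(Boolean, X509ChainPolicy)

Gets a validator that validates the X.509 certificate by using the specified context and chain policy to build and verify the trust chain.

CreatePeerOrChainTrustValidator(Boolean, X509ChainPolicy)

Gets a validator that validates the certificate either by verifying that it is in the TrustedPeople certificate store or by using the specified context and chain policy to build a trust chain for it. The certificate is trusted if it passes either validation method.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetType()

Gets the Type of the current instance.

(Inherited from Object)

LoadCustomConfiguration(XmlNodeList)

When overridden in a derived class, loads custom configuration from XML.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

ToString()

Returns a string that represents the current object.

(Inherited from Object)

Validate(X509Certificate2)

When overridden in a derived class, validates the X.509 certificate.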
