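X509CertificateValidator Class
Definition
Important
Some information relates to a prerelease product that may be substantially modified before it is released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Validates an X.509 certificate.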
public ref class X509CertificateValidator abstract
public ref class X509CertificateValidator abstract : System::IdentityModel::Configuration::ICustomIdentityConfiguration
public abstract class X509CertificateValidator
public abstract class X509CertificateValidator : System.IdentityModel.Configuration.ICustomIdentityConfiguration
type X509CertificateValidator = class
type X509CertificateValidator = class
interface ICustomIdentityConfiguration
Public MustInherit Class X509CertificateValidator
Public MustInherit Class X509CertificateValidator
Implements ICustomIdentityConfiguration
- Inheritance
-
X509CertificateValidator
- Derived
- Implements
Examples
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class MyX509CertificateValidator : X509CertificateValidator
{
    string allowedIssuerName;

    public MyX509CertificateValidator(string allowedIssuerName)
    {
        if (allowedIssuerName == null)
        {
            throw new ArgumentNullException("allowedIssuerName");
        }
        this.allowedIssuerName = allowedIssuerName;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        // Check that there is a certificate.
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }
        // Check that the certificate issuer matches the configured issuer.
        // This compares only the issuer distinguished-name string; it does not
        // verify the certificate's signature chain, validity period or revocation.
        if (allowedIssuerName != certificate.IssuerName.Name)
        {
            throw new SecurityTokenValidationException
                ("Certificate was not issued by a trusted issuer");
        }
    }
}
Imports System
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Imports System.Security.Cryptography.X509Certificates

Public Class MyX509CertificateValidator
    Inherits X509CertificateValidator

    Private allowedIssuerName As String

    Public Sub New(ByVal allowedIssuerName As String)
        If allowedIssuerName Is Nothing Then
            Throw New ArgumentNullException("allowedIssuerName")
        End If
        Me.allowedIssuerName = allowedIssuerName
    End Sub

    Public Overrides Sub Validate(ByVal certificate As X509Certificate2)
        ' Check that there is a certificate.
        If certificate Is Nothing Then
            Throw New ArgumentNullException("certificate")
        End If
        ' Check that the certificate issuer matches the configured issuer.
        ' This compares only the issuer distinguished-name string; it does not
        ' verify the certificate's signature chain, validity period or revocation.
        If allowedIssuerName <> certificate.IssuerName.Name Then
            Throw New SecurityTokenValidationException("Certificate was not issued by a trusted issuer")
        End If
    End Sub
End Class
Remarks
Use the X509CertificateValidator class to specify how an X.509 certificate is deemed valid. This can be done by deriving a class from X509CertificateValidator and overriding the Validate method.
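The example above accepts any certificate whose issuer name string matches, which a self-signed certificate can satisfy. The following added example (not part of the original documentation or Microsoft's sample) first validates the trust chain with CreateChainTrustValidator and then requires a pinned CA certificate above the leaf in that chain. The class name PinnedIssuerValidator, the pinnedCaThumbprint parameter and the revocation settings are assumptions chosen for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class PinnedIssuerValidator : X509CertificateValidator
{
    // Hypothetical pin: hex thumbprint of the one CA certificate that is accepted.
    private readonly string pinnedCaThumbprint;
    private readonly X509ChainPolicy policy;
    private readonly X509CertificateValidator chainValidator;

    public PinnedIssuerValidator(string pinnedCaThumbprint)
    {
        if (pinnedCaThumbprint == null)
            throw new ArgumentNullException("pinnedCaThumbprint");
        this.pinnedCaThumbprint = pinnedCaThumbprint;
        policy = new X509ChainPolicy
        {
            RevocationMode = X509RevocationMode.Online,      // assumed setting
            RevocationFlag = X509RevocationFlag.ExcludeRoot  // assumed setting
        };
        // Built-in validator: builds and verifies the trust chain (machine context).
        chainValidator = CreateChainTrustValidator(true, policy);
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // 1. Trust decision: signatures, validity period, revocation. Throws on failure.
        chainValidator.Validate(certificate);

        // 2. Rebuild the chain only to enumerate it; element 0 is the leaf itself.
        var chain = new X509Chain(true) { ChainPolicy = policy };
        chain.Build(certificate);
        for (int i = 1; i < chain.ChainElements.Count; i++)
        {
            if (string.Equals(chain.ChainElements[i].Certificate.Thumbprint,
                              pinnedCaThumbprint, StringComparison.OrdinalIgnoreCase))
                return;
        }
        throw new SecurityTokenValidationException(
            "Certificate does not chain through the pinned issuer");
    }
}
```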
Constructors
X509CertificateValidator() | Initializes a new instance of the X509CertificateValidator class.
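Properties
ChainTrust | Gets a validator that validates the X.509 certificate using a trust chain.
None | Gets a validator that performs no validation on the X.509 certificate. As a result, an X.509 certificate is always considered to be valid.
PeerOrChainTrust | Gets a validator that validates by verifying that the certificate is in
PeerTrust | Gets a validator that verifies that the certificate is in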
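Methods
CreateChainTrustValidator(Boolean, X509ChainPolicy) | Gets a validator that validates the X.509 certificate by specifying the context and chain policy used to build and verify the trust chain.
CreatePeerOrChainTrustValidator(Boolean, X509ChainPolicy) | Gets a validator that verifies that the certificate is in
Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object)
GetHashCode() | Serves as the default hash function. (Inherited from Object)
GetType() | Gets the Type of the current instance. (Inherited from Object)
LoadCustomConfiguration(XmlNodeList) | When overridden in a derived class, loads custom configuration from XML.
MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object)
ToString() | Returns a string that represents the current object. (Inherited from Object)
Validate(X509Certificate2) | When overridden in a derived class, validates the X.509 certificate.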