Specifies authentication behaviors for service certificates used by a client.
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior> of <endpointBehaviors>
<clientCredentials>
<serviceCertificate> of <serviceCredentials>
<authentication customCertificateValidatorType="String" certificateValidationMode="None/PeerTrust/ChainTrust/PeerOrChainTrust/Custom"
revocationMode="NoCheck/Online/Offline"
trustedStoreLocation="LocalMachine/CurrentUser" />
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
customCertificateValidator | String. A type and assembly used to validate a custom type. |
certificateValidationMode | Specifies one of three modes used to validate credentials. If set to Custom, then a customCertificateValidator must also be supplied. The default is ChainTrust. |
revocationMode | One of the modes used to check for revoked certificates against a certificate revocation list (CRL). The default is Online. |
trustedStoreLocation | One of the two system store locations: LocalMachine or CurrentUser. This value is used when a service certificate is negotiated to the client. Validation is performed against the Trusted People store in the specified store location. The default is CurrentUser. |
customCertificateValidator Attribute
Value | Description |
---|---|
String | Specifies the type name and assembly and other data used to find the type. |
certificateValidationMode Attribute
Value | Description |
---|---|
Enumeration | One of the following values: None, PeerTrust, ChainTrust, PeerOrChainTrust, Custom. For more information, see Working with Certificates. |
revocationMode Attribute
Value | Description |
---|---|
Enumeration | One of the following values: NoCheck, Online, Offline. For more information, see Working with Certificates. |
trustedStoreLocation Attribute
Value | Description |
---|---|
Enumeration | One of the following values: LocalMachine or CurrentUser. The default is CurrentUser. If the client application is running under a system account, then the certificate is typically under LocalMachine. If the client application is running under a user account, then the certificate is typically in CurrentUser. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
Specifies a certificate to use when authenticating a service to the client. |
Example
The following example does two tasks. It first specifies a service certificate for the client to use when communicating with endpoints whose domain name is www.contoso.com over the HTTP protocol. Second, it specifies the revocation mode and store location used during authentication.
<serviceCertificate>
  <defaultCertificate findValue="www.contoso.com"
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople"
                      x509FindType="FindByIssuerDistinguishedName" />
  <scopedCertificates>
    <add targetUri="https://www.contoso.com"
         findValue="www.contoso.com" storeLocation="LocalMachine"
         storeName="Root" x509FindType="FindByIssuerName" />
  </scopedCertificates>
  <authentication revocationMode="Online"
                  trustedStoreLocation="LocalMachine" />
</serviceCertificate>
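The script below is an added example, not part of the original documentation: it reads a client configuration, resolves the effective <authentication> settings of each <serviceCertificate> using the defaults listed in the attribute table above, and reports settings that turn off certificate validation or revocation checking. The function name, the finding texts and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults taken from the attribute table on this page.
DEFAULTS = {
    "certificateValidationMode": "ChainTrust",
    "revocationMode": "Online",
    "trustedStoreLocation": "CurrentUser",
}

# Constructed sample configuration (not from a real application).
SAMPLE_CONFIG = """
<configuration><system.serviceModel><behaviors><endpointBehaviors>
  <behavior name="weak">
    <clientCredentials><serviceCertificate>
      <authentication certificateValidationMode="None" revocationMode="NoCheck" />
    </serviceCertificate></clientCredentials>
  </behavior>
  <behavior name="customNoType">
    <clientCredentials><serviceCertificate>
      <authentication certificateValidationMode="Custom" />
    </serviceCertificate></clientCredentials>
  </behavior>
  <behavior name="defaulted">
    <clientCredentials><serviceCertificate /></clientCredentials>
  </behavior>
</endpointBehaviors></behaviors></system.serviceModel></configuration>
"""

def audit_service_cert_auth(config_xml):
    """Return {behavior name: (effective settings, findings)} (hypothetical helper)."""
    report = {}
    for behavior in ET.fromstring(config_xml).iter("behavior"):
        for cert in behavior.findall("clientCredentials/serviceCertificate"):
            auth = cert.find("authentication")
            attrs = auth.attrib if auth is not None else {}  # element omitted: defaults apply
            eff = {key: attrs.get(key, default) for key, default in DEFAULTS.items()}
            findings = []
            if eff["certificateValidationMode"] == "None":
                findings.append("service certificate is not validated")
            if eff["certificateValidationMode"] == "Custom" and not attrs.get("customCertificateValidatorType"):
                findings.append("Custom mode without customCertificateValidatorType")
            if eff["revocationMode"] == "NoCheck":
                findings.append("revocation is not checked")
            report[behavior.get("name", "")] = (eff, findings)
    return report

if __name__ == "__main__":
    for name, (eff, findings) in audit_service_cert_auth(SAMPLE_CONFIG).items():
        print(name, eff, findings or "ok")
```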
See Also
Reference
<authentication> of <clientCertificate> Element
© Microsoft Corporation. All rights reserved.