<peerAuthentication> Element

Specifies authentication options for peer-to-peer clients.

For more information about peer-to-peer programming, see Peer-to-Peer Networking.

<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <clientCredentials>
            <peer>
              <peerAuthentication>

Syntax

<peerAuthentication customCertificateValidatorType="namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
                    certificateValidationMode="ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom"
                    revocationMode="NoCheck/Online/Offline"
                    trustedStoreLocation="CurrentUser/LocalMachine" />

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

| Attribute | Description |
| --- | --- |
| customCertificateValidatorType | Optional string. A type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom. |
| certificateValidationMode | Optional enumeration. Specifies one of three modes used to validate credentials. If set to Custom, then a customCertificateValidator must also be supplied. The default is ChainTrust. |
| revocationMode | Optional enumeration. One of the modes used to check certificate revocation lists (CRLs). The default is Online. |
| trustedStoreLocation | Optional enumeration. One of the two system store locations: LocalMachine or CurrentUser. This value is used when a service certificate is negotiated to the client. Validation is performed against the Trusted People store in the specified store location. The default is CurrentUser. |

customCertificateValidatorType Attribute

| Value | Description |
| --- | --- |
| String | Specifies the type name and assembly and other data used to find the type. At minimum, a namespace and type name are required. Optional information includes: assembly name, version number, culture, and public key token. |

certificateValidationMode Attribute

| Value | Description |
| --- | --- |
| Enumeration | One of the following values: None, PeerTrust, ChainTrust, PeerOrChainTrust, Custom. The default is ChainTrust. |

For more information, see Working with Certificates.

revocationMode Attribute

| Value | Description |
| --- | --- |
| Enumeration | One of the following values: NoCheck, Online, Offline. The default is Online. |

For more information, see Working with Certificates.

trustedStoreLocation Attribute

| Value | Description |
| --- | --- |
| Enumeration | One of the following values: LocalMachine or CurrentUser. The default is CurrentUser. If the client application is running under a system account, the certificate is typically under LocalMachine. If the client application is running under a user account, the certificate is typically in CurrentUser. |

Child Elements

None.

Parent Elements

| Element | Description |
| --- | --- |
| <peer> | Specifies a credential used for authenticating the client to a peer service. |

Remarks

The <peerAuthentication> element corresponds to the X509PeerCertificateAuthentication class. This element specifies a validator, which is invoked during neighbor-to-neighbor authentication in the mesh. When a new peer tries to establish a neighbor connection, it passes its own credential to the responding peer. The validator of the responder is invoked to verify the credential of the remote party. Whenever a peer connection is established in the mesh, both peers are mutually authenticated, meaning validators on both ends are invoked.

Example

The following code sets the certificate validation mode to PeerOrChainTrust.

<behaviors>
  <endpointBehaviors>
    <behavior name="MyEndpointBehavior">
      <clientCredentials>
        <peer>
          <certificate findValue="www.contoso.com"
                       storeLocation="LocalMachine"
                       x509FindType="FindByIssuerName" />
          <peerAuthentication certificateValidationMode="PeerOrChainTrust" />
          <messageSenderAuthentication certificateValidationMode="None" />
        </peer>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
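
An added example, not part of the original documentation: a Python script that audits a WCF configuration file for `<peerAuthentication>` elements, resolves omitted attributes to the defaults listed above, and flags settings that switch off certificate or revocation checking. The function name, the finding texts and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults and allowed values as documented on this page.
DEFAULTS = {"certificateValidationMode": "ChainTrust", "revocationMode": "Online",
            "trustedStoreLocation": "CurrentUser"}
ALLOWED = {
    "certificateValidationMode": {"None", "PeerTrust", "ChainTrust", "PeerOrChainTrust", "Custom"},
    "revocationMode": {"NoCheck", "Online", "Offline"},
    "trustedStoreLocation": {"CurrentUser", "LocalMachine"},
}

# Constructed sample configuration (not from the page).
SAMPLE = """<configuration><system.serviceModel><behaviors><endpointBehaviors>
  <behavior name="weak"><clientCredentials><peer>
    <peerAuthentication certificateValidationMode="None" revocationMode="NoCheck" />
  </peer></clientCredentials></behavior>
  <behavior name="custom"><clientCredentials><peer>
    <peerAuthentication certificateValidationMode="Custom" />
  </peer></clientCredentials></behavior>
  <behavior name="defaults"><clientCredentials><peer>
    <peerAuthentication />
  </peer></clientCredentials></behavior>
</endpointBehaviors></behaviors></system.serviceModel></configuration>"""

def audit_peer_authentication(config_xml):
    """Return (behavior name, effective settings, findings) per <peerAuthentication>."""
    results = []
    root = ET.fromstring(config_xml)
    for behavior in root.iter("behavior"):
        for elem in behavior.findall("./clientCredentials/peer/peerAuthentication"):
            # Omitted attributes fall back to the documented defaults.
            eff = {key: elem.get(key, default) for key, default in DEFAULTS.items()}
            findings = [f"{key}={value!r} is not a documented value"
                        for key, value in eff.items() if value not in ALLOWED[key]]
            mode = eff["certificateValidationMode"]
            if mode == "None":
                findings.append("neighbor certificates are not validated")
            if mode == "Custom" and not elem.get("customCertificateValidatorType"):
                findings.append("Custom mode without customCertificateValidatorType")
            if eff["revocationMode"] == "NoCheck":
                findings.append("revocationMode=NoCheck: revoked certificates are not detected")
            results.append((behavior.get("name", ""), eff, findings))
    return results

if __name__ == "__main__":
    for name, eff, findings in audit_peer_authentication(SAMPLE):
        print(name, eff, findings or "ok")
```
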
