X509SecurityTokenAuthenticator Constructors
Definition
Initializes a new instance of the X509SecurityTokenAuthenticator class.
Overloads
| X509SecurityTokenAuthenticator() | Initializes a new instance of the X509SecurityTokenAuthenticator class. |
| X509SecurityTokenAuthenticator(X509CertificateValidator) | Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validator. |
| X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean) | Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity. |
| X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean, Boolean) | Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to. |
X509SecurityTokenAuthenticator()
Initializes a new instance of the X509SecurityTokenAuthenticator class.
public:
X509SecurityTokenAuthenticator();
public X509SecurityTokenAuthenticator ();
Public Sub New ()
Remarks
When the ValidateTokenCore method is called to authenticate the token, the X.509 certificate is not mapped to a Windows identity and the certificate is validated using a certificate chain.
X509SecurityTokenAuthenticator(X509CertificateValidator)
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validator.
public:
X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator);
public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator);
new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticator
Public Sub New (validator As X509CertificateValidator)
Parameters
- validator
- X509CertificateValidator
An X509CertificateValidator that verifies that the certificate is valid.
Remarks
The X509CertificateValidator class provides a set of pre-defined certificate validation models, such as the ChainTrust property. These validation models can be passed to the validator parameter. When an application requires a custom validation method, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.
By default, the X509SecurityTokenAuthenticator does not map the X.509 certificate to a Windows identity.
X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean)
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity.
public:
X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator, bool mapToWindows);
public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator, bool mapToWindows);
new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator * bool -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticator
Public Sub New (validator As X509CertificateValidator, mapToWindows As Boolean)
Parameters
- validator
- X509CertificateValidator
An X509CertificateValidator that verifies that the certificate is valid.
- mapToWindows
- Boolean
true to map the identity of the certificate to a Windows identity; otherwise, false.
Remarks
The X509CertificateValidator class provides a set of pre-defined certificate validation models, such as the ChainTrust property. These validation models can be passed to the validator parameter. When an application requires a custom validation method, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.
When the ValidateTokenCore method is called to authenticate the token and mapToWindows is true, the X.509 certificate is mapped to a Windows account and claims are added to the EvaluationContext with the Windows groups that the user belongs to. How the X.509 certificate is mapped to a Windows account depends upon the security token type:
- When the security token is of type X509WindowsSecurityToken, the X.509 certificate is mapped using the WindowsIdentity property.
- When the security token is of type X509SecurityToken, the X.509 certificate is mapped to a Windows account using its user principal name (UPN).
X509SecurityTokenAuthenticator(X509CertificateValidator, Boolean, Boolean)
Initializes a new instance of the X509SecurityTokenAuthenticator class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.
public:
X509SecurityTokenAuthenticator(System::IdentityModel::Selectors::X509CertificateValidator ^ validator, bool mapToWindows, bool includeWindowsGroups);
public X509SecurityTokenAuthenticator (System.IdentityModel.Selectors.X509CertificateValidator validator, bool mapToWindows, bool includeWindowsGroups);
new System.IdentityModel.Selectors.X509SecurityTokenAuthenticator : System.IdentityModel.Selectors.X509CertificateValidator * bool * bool -> System.IdentityModel.Selectors.X509SecurityTokenAuthenticator
Public Sub New (validator As X509CertificateValidator, mapToWindows As Boolean, includeWindowsGroups As Boolean)
Parameters
- validator
- X509CertificateValidator
An X509CertificateValidator that verifies that the certificate is valid.
- mapToWindows
- Boolean
true to map the identity of the certificate to a Windows identity; otherwise, false.
- includeWindowsGroups
- Boolean
true to include the groups the Windows user belongs to in the ClaimSets property that is constructed throughout the authentication process; otherwise, false.
Remarks
To improve performance, pass false to the includeWindowsGroups parameter when the Windows group information is not required.
The X509CertificateValidator class has several static properties, such as the ChainTrust property, that can be passed to the validator parameter. These properties provide common validation methods for X.509 certificates. When a custom validation method is required, derive a class from X509CertificateValidator and override the Validate(X509Certificate2) method. The Validate(X509Certificate2) method is called by the ValidateTokenCore method.
When true is passed into the mapToWindows parameter, the X.509 certificate is mapped to a Windows account and relevant claims are added to the EvaluationContext, such as the Windows groups that the user belongs to. When the security token is of type X509WindowsSecurityToken, the WindowsIdentity property uses the identity that is specified in the token; otherwise, the X.509 certificate is mapped to a Windows identity using a Kerberos S4U logon based on the user principal name in the SubjectAltNames extension of the X.509 certificate.
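The custom-validator pattern described in the remarks for the validator parameter, shown as an added example that is not part of the original reference page. The class names PinnedIssuerValidator and AuthenticatorExample, the pinning policy, and the pinnedCaThumbprint parameter are assumptions made for illustration; the example runs the predefined ChainTrust model first, then requires a specific CA in the chain, and passes false for both mapToWindows and includeWindowsGroups.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Hypothetical validator (not part of the API): chain trust plus a pinned issuing CA.
public sealed class PinnedIssuerValidator : X509CertificateValidator
{
    private readonly string pinnedCaThumbprint;
    public PinnedIssuerValidator(string pinnedCaThumbprint)
    {
        if (string.IsNullOrEmpty(pinnedCaThumbprint))
            throw new ArgumentException("A CA thumbprint is required.", "pinnedCaThumbprint");
        this.pinnedCaThumbprint = pinnedCaThumbprint;
    }
    // Called by ValidateTokenCore; throwing here rejects the token.
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        // Predefined model first: rejects certificates that do not chain to a trusted root.
        X509CertificateValidator.ChainTrust.Validate(certificate);
        // Then require the pinned CA somewhere above the leaf (index 0 is the leaf).
        var chain = new X509Chain();
        try
        {
            if (chain.Build(certificate))
                for (int i = 1; i < chain.ChainElements.Count; i++)
                    if (string.Equals(chain.ChainElements[i].Certificate.Thumbprint,
                                      pinnedCaThumbprint, StringComparison.OrdinalIgnoreCase))
                        return;
        }
        finally { chain.Reset(); }
        throw new SecurityTokenValidationException("Certificate was not issued under the pinned CA.");
    }
}

public static class AuthenticatorExample
{
    // mapToWindows and includeWindowsGroups are both false: no Windows account mapping,
    // no group lookup. ValidateToken returns the policies or throws on rejection.
    public static ReadOnlyCollection<IAuthorizationPolicy> Authenticate(
        X509Certificate2 clientCert, string pinnedCaThumbprint)
    {
        var authenticator = new X509SecurityTokenAuthenticator(
            new PinnedIssuerValidator(pinnedCaThumbprint), mapToWindows: false, includeWindowsGroups: false);
        return authenticator.ValidateToken(new X509SecurityToken(clientCert));
    }
}
```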