X509ClientCertificateAuthentication.IncludeWindowsGroups 属性
定义
获取或设置一个值,该值指示 Windows 组是否包括在授权上下文中。Gets or sets a value that indicates whether Windows groups are included in the authorization context.
public:
property bool IncludeWindowsGroups { bool get(); void set(bool value); };
public bool IncludeWindowsGroups { get; set; }
member this.IncludeWindowsGroups : bool with get, set
Public Property IncludeWindowsGroups As Boolean
属性值
如果 Windows 组包括在授权上下文中,则为 true;否则为 false。true if Windows groups are included in the authorization context; otherwise, false. 默认值为 true。The default is true.
示例
下面的代码演示如何设置此属性。The following code shows how to set this property.
// Create a service host.
Uri httpUri = new Uri("http://localhost/Calculator");
ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);
// Create a binding that uses a certificate.
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType =
MessageCredentialType.Certificate;
// Get a reference to the authentication object.
X509ClientCertificateAuthentication myAuthProperties =
sh.Credentials.ClientCertificate.Authentication;
// Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = true;
' Create a service host.
Dim httpUri As New Uri("http://localhost/Calculator")
Dim sh As New ServiceHost(GetType(Calculator), httpUri)
' Create a binding that uses a certificate.
Dim b As New WSHttpBinding(SecurityMode.Message)
b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate
' Get a reference to the authentication object.
Dim myAuthProperties As X509ClientCertificateAuthentication = _
sh.Credentials.ClientCertificate.Authentication
' Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = True
该属性也可以在配置文件中设置。The property can also be set in a configuration file.
<serviceCredentials>
<clientCertificate>
<authentication includeWindowsGroups ='true'/>
</clientCertificate>
</serviceCredentials>
注解
仅当 MapClientCertificateToWindowsAccount 属性设置为 true 时,此属性才有效。This property is valid only when the MapClientCertificateToWindowsAccount property is set to true.
仅当不需要建立用户所属的组列表时才将此属性设置为 false,如果您的应用程序和身份验证决定不需要 Windows 组,这可能会提高性能。Set this property to false only if you do not need to establish the list of groups a user belongs to - this may result in a performance benefit if your application and authorization decisions do not require Windows groups.