<x509SecurityTokenHandlerRequirement>

项目
03/30/2017

Provides optional configuration for the X509SecurityTokenHandler class or derived classes.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <add>
          <x509SecurityTokenHandlerRequirement>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <add type="System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel">  
        <x509SecurityTokenHandlerRequirement>  
          mapToWindows=xs:boolean  
          certificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"  
          certificateValidator="Namespace.Class, Assembly"  
          revocationMode="NoCheck||Offline||Online"  
          trustedStoreLocation="CurrentUser||LocalMachine"  
        </x509SecurityTokenHandlerRequirement>  
      </add>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute	Description
certificateValidationMode	An X509CertificateValidationMode value that specifies the validation mode to use for the X.509 certificate. The default value is "PeerOrChainTrust".
mapToWindows	Specifies whether the token handler should map the validating token to a Windows account by using the incoming UPN claim. The default is "false".
revocationMode	An X509RevocationMode value that specifies the revocation mode to use for the X.509 certificate. The default value is "Online".
trustedStoreLocation	A StoreLocation value that specifies the X.509 certificate store. The default value is "LocalMachine".
certificateValidator	A custom type that derives from X509CertificateValidator. If the `certificateValidationMode` attribute is "Custom", an instance of this type is used for issuer certificate validation.

Child Elements

None

Parent Elements

Element	Description
<add>	Adds the specified security token handler to the token handler collection.

Example

<add type="System.IdentityModel.Tokens.X509SecurityTokenHandler, System.IdentityModel">  
    <x509SecurityTokenHandlerRequirement mapToWindows="true"
                                         certificateValidationMode="PeerOrChainTrust"
                                         revocationMode="Online"
                                         trustedStoreLocation="LocalMachine" />  
</add>