X509CertificateValidator Class

Definition

Namespace:
System.IdentityModel.Selectors
Assembly:
System.ServiceModel.Primitives.dll
Assembly:
System.IdentityModel.dll
Package:
System.ServiceModel.Primitives v10.0.652802
Source:
X509CertificateValidator.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Validates an X.509 certificate.

public ref class X509CertificateValidator abstract
public ref class X509CertificateValidator abstract : System::IdentityModel::Configuration::ICustomIdentityConfiguration
public abstract class X509CertificateValidator
public abstract class X509CertificateValidator : System.IdentityModel.Configuration.ICustomIdentityConfiguration
type X509CertificateValidator = class
type X509CertificateValidator = class
 interface ICustomIdentityConfiguration
Public MustInherit Class X509CertificateValidator
Public MustInherit Class X509CertificateValidator
Implements ICustomIdentityConfiguration
Inheritance
X509CertificateValidator
Derived
Implements

Examples

using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

public class MyX509CertificateValidator : X509CertificateValidator
{
    // Issuer distinguished name that a certificate must carry to be accepted.
    string allowedIssuerName;

    public MyX509CertificateValidator(string allowedIssuerName)
    {
        if (allowedIssuerName == null)
        {
            throw new ArgumentNullException("allowedIssuerName");
        }

        this.allowedIssuerName = allowedIssuerName;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        // Check that there is a certificate.
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        // Check that the certificate issuer matches the configured issuer.
        if (allowedIssuerName != certificate.IssuerName.Name)
        {
            throw new SecurityTokenValidationException
                ("Certificate was not issued by a trusted issuer");
        }
    }
}

Imports System
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Imports System.Security.Cryptography.X509Certificates

Public Class MyX509CertificateValidator
    Inherits X509CertificateValidator

    ' Issuer distinguished name that a certificate must carry to be accepted.
    Private allowedIssuerName As String

    Public Sub New(ByVal allowedIssuerName As String)
        If allowedIssuerName Is Nothing Then
            Throw New ArgumentNullException("allowedIssuerName")
        End If

        Me.allowedIssuerName = allowedIssuerName
    End Sub

    Public Overrides Sub Validate(ByVal certificate As X509Certificate2)
        ' Check that there is a certificate.
        If certificate Is Nothing Then
            Throw New ArgumentNullException("certificate")
        End If

        ' Check that the certificate issuer matches the configured issuer.
        If allowedIssuerName <> certificate.IssuerName.Name Then
            Throw New SecurityTokenValidationException("Certificate was not issued by a trusted issuer")
        End If
    End Sub
End Class
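
The validator above compares only the issuer name string, which is a field any self-signed certificate can carry, so on its own it does not establish who signed the certificate. The following is an added example, not part of the original page or of Microsoft's sample: it builds and verifies the trust chain first and then pins the issuing CA by thumbprint. The class name PinnedIssuerValidator and its issuerThumbprint parameter are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example: class name and constructor parameter are hypothetical.
public class PinnedIssuerValidator : X509CertificateValidator
{
    // Assumption: hex thumbprint of the one CA certificate allowed to issue certificates.
    private readonly string issuerThumbprint;

    public PinnedIssuerValidator(string issuerThumbprint)
    {
        if (issuerThumbprint == null)
            throw new ArgumentNullException("issuerThumbprint");
        this.issuerThumbprint = issuerThumbprint.Replace(" ", "");
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        using (var chain = new X509Chain())
        {
            // Verify signatures, validity dates and revocation up to a trusted root.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            if (!chain.Build(certificate))
            {
                string reasons = string.Join(", ", chain.ChainStatus.Select(s => s.Status));
                throw new SecurityTokenValidationException("Certificate chain is not trusted: " + reasons);
            }

            // Element 0 is the leaf; element 1 is the certificate that signed it.
            // A chain of length 1 is a self-signed leaf and has no separate issuer.
            if (chain.ChainElements.Count < 2)
                throw new SecurityTokenValidationException("Self-signed certificates are not accepted");

            X509Certificate2 issuer = chain.ChainElements[1].Certificate;
            if (!string.Equals(issuer.Thumbprint, issuerThumbprint, StringComparison.OrdinalIgnoreCase))
                throw new SecurityTokenValidationException("Certificate was not issued by the pinned CA");
        }
    }
}
```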

Remarks

Use the X509CertificateValidator class to specify how an X.509 certificate is deemed valid. This can be done by deriving a class from X509CertificateValidator and overriding the Validate method.

Constructors

Name Description
X509CertificateValidator()

Initializes a new instance of the X509CertificateValidator class.

Properties

Name Description
ChainTrust

Gets a validator that validates the X.509 certificate using a trust chain.

None

Gets a validator that performs no validation on an X.509 certificate. As a result, an X.509 certificate is always considered to be valid.

PeerOrChainTrust

Gets a validator that verifies the certificate is in the TrustedPeople certificate store or by building a certificate trust chain. The certificate is trusted if it passes either verification method.

PeerTrust

Gets a validator that verifies the certificate is in the TrustedPeople certificate store.

Methods

Name Description
CreateChainTrustValidator(Boolean, X509ChainPolicy)

Gets a validator that verifies the X.509 certificate by specifying the context and chain policy that is used to build and verify a trust chain.

CreatePeerOrChainTrustValidator(Boolean, X509ChainPolicy)

Gets a validator that verifies the certificate is in the TrustedPeople certificate store or by specifying the context and chain policy that is used to build a certificate trust chain. The certificate is trusted if it passes either verification method.

Equals(Object)

Determines whether the specified object is equal to the current object. (Inherited from Object)

GetHashCode()

Serves as the default hash function. (Inherited from Object)

GetType()

Gets the Type of the current instance. (Inherited from Object)

LoadCustomConfiguration(XmlNodeList)

When overridden in a derived class, loads custom configuration from XML.

MemberwiseClone()

Creates a shallow copy of the current Object. (Inherited from Object)

ToString()

Returns a string that represents the current object. (Inherited from Object)

Validate(X509Certificate2)

When overridden in a derived class, validates the X.509 certificate.
