X509CertificateValidator 类

参考

定义

命名空间:: System.IdentityModel.Selectors

程序集:: System.ServiceModel.Primitives.dll

程序集:: System.IdentityModel.dll

包:: System.ServiceModel.Primitives v6.0.0

包:: System.ServiceModel.Primitives v6.2.0

包:: System.ServiceModel.Primitives v8.0.0

Source:: X509CertificateValidator.cs

Source:: X509CertificateValidator.cs

Source:: X509CertificateValidator.cs

重要

一些信息与预发行产品相关，相应产品在发行之前可能会进行重大修改。对于此处提供的信息，Microsoft 不作任何明示或暗示的担保。

验证 X.509 证书。

public ref class X509CertificateValidator abstract

public ref class X509CertificateValidator abstract : System::IdentityModel::Configuration::ICustomIdentityConfiguration

public abstract class X509CertificateValidator

public abstract class X509CertificateValidator : System.IdentityModel.Configuration.ICustomIdentityConfiguration

type X509CertificateValidator = class

type X509CertificateValidator = class
    interface ICustomIdentityConfiguration

Public MustInherit Class X509CertificateValidator

Public MustInherit Class X509CertificateValidator
Implements ICustomIdentityConfiguration

继承: Object
X509CertificateValidator

派生: System.IdentityModel.Tokens.X509NTAuthChainTrustValidator

实现: ICustomIdentityConfiguration

示例

public class MyX509CertificateValidator : X509CertificateValidator
{
    string allowedIssuerName;
    public MyX509CertificateValidator(string allowedIssuerName)
    {
        if (allowedIssuerName == null)
        {
            throw new ArgumentNullException("allowedIssuerName");
        }

        this.allowedIssuerName = allowedIssuerName;
    }
    public override void Validate(X509Certificate2 certificate)
    {
        // Check that there is a certificate.
        if (certificate == null)
        {
            throw new ArgumentNullException("certificate");
        }

        // Check that the certificate issuer matches the configured issuer
        if (allowedIssuerName != certificate.IssuerName.Name)
        {
            throw new SecurityTokenValidationException
              ("Certificate was not issued by a trusted issuer");
        }
    }
}


Public Class MyX509CertificateValidator
    Inherits X509CertificateValidator
    Private allowedIssuerName As String

    Public Sub New(ByVal allowedIssuerName As String)
        If allowedIssuerName Is Nothing Then
            Throw New ArgumentNullException("allowedIssuerName")
        End If

        Me.allowedIssuerName = allowedIssuerName

    End Sub

    Public Overrides Sub Validate(ByVal certificate As X509Certificate2)
        ' Check that there is a certificate.
        If certificate Is Nothing Then
            Throw New ArgumentNullException("certificate")
        End If

        ' Check that the certificate issuer matches the configured issuer
        If allowedIssuerName <> certificate.IssuerName.Name Then
            Throw New SecurityTokenValidationException("Certificate was not issued by a trusted issuer")
        End If

    End Sub
End Class

注解

使用 X509CertificateValidator 类指定将 X.509 证书视为有效的方式。可通过从 X509CertificateValidator 派生类并重写 Validate 方法来完成此操作。

构造函数

X509CertificateValidator()

初始化 X509CertificateValidator 类的新实例。

属性

ChainTrust	获取使用信任链来验证 X.509 证书的验证程序。
None	获取不对 X.509 证书执行验证的验证程序。因此，X.509 证书总是被视为有效。
PeerOrChainTrust	获取一个验证程序，它通过验证证书是否位于 `TrustedPeople` 证书存储区中来验证证书，或通过构建证书信任链来验证证书。如果证书通过任一验证方法，就是受信任的。
PeerTrust	获取一个验证程序，验证证书是否位于 `TrustedPeople` 证书存储区中。

方法

CreateChainTrustValidator(Boolean, X509ChainPolicy)	获取一个验证程序，它通过指定用于构建和验证信任链的上下文和链策略来验证 X.509 证书。
CreatePeerOrChainTrustValidator(Boolean, X509ChainPolicy)	获取一个验证程序，它验证证书是否位于 `TrustedPeople` 证书存储区中，或通过指定用于构建证书信任链的上下文和链策略来验证证书。如果证书通过任一验证方法，就是受信任的。
Equals(Object)	确定指定对象是否等于当前对象。 (继承自 Object)
GetHashCode()	作为默认哈希函数。 (继承自 Object)
GetType()	获取当前实例的 Type。 (继承自 Object)
LoadCustomConfiguration(XmlNodeList)	在派生类中重写时，将从 XML 中加载自定义配置。
MemberwiseClone()	创建当前 Object 的浅表副本。 (继承自 Object)
ToString()	返回表示当前对象的字符串。 (继承自 Object)
Validate(X509Certificate2)	当在派生类中重写时，验证 X.509 证书。

适用于

反馈

此页面是否有帮助？