X509ClientCertificateAuthentication.IncludeWindowsGroups Property

Definition

Gets or sets a value that indicates whether Windows groups are included in the authorization context.

public:
 property bool IncludeWindowsGroups { bool get(); void set(bool value); };
public bool IncludeWindowsGroups { get; set; }
member this.IncludeWindowsGroups : bool with get, set
Public Property IncludeWindowsGroups As Boolean

Property Value

true if Windows groups are included in the authorization context; otherwise, false. The default is true.

Examples

The following code shows how to set this property.

// Create a service host.
Uri httpUri = new Uri("http://localhost/Calculator");
ServiceHost sh = new ServiceHost(typeof(Calculator), httpUri);
// Create a binding that uses a certificate.
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType =
    MessageCredentialType.Certificate;

// Get a reference to the authentication object.
X509ClientCertificateAuthentication myAuthProperties =
    sh.Credentials.ClientCertificate.Authentication;
// Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = true;
' Create a service host.
Dim httpUri As New Uri("http://localhost/Calculator")
Dim sh As New ServiceHost(GetType(Calculator), httpUri)
' Create a binding that uses a certificate.
Dim b As New WSHttpBinding(SecurityMode.Message)
b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate


' Get a reference to the authentication object.
Dim myAuthProperties As X509ClientCertificateAuthentication = _
sh.Credentials.ClientCertificate.Authentication
' Configure IncludeWindowsGroups.
myAuthProperties.IncludeWindowsGroups = True

The property can also be set in a configuration file.

<serviceCredentials>  
  <clientCertificate>  
     <authentication includeWindowsGroups ='true'/>  
  </clientCertificate>  
</serviceCredentials>  

Remarks

This property is valid only when the MapClientCertificateToWindowsAccount property is set to true.

Set this property to false only if you do not need to establish the list of groups a user belongs to - this may result in a performance benefit if your application and authorization decisions do not require Windows groups.

Applies to