-
Notifications
You must be signed in to change notification settings - Fork 9.8k
/
CertificateAuthenticationOptions.cs
53 lines (45 loc) · 2.35 KB
/
CertificateAuthenticationOptions.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Security.Cryptography.X509Certificates;
namespace Microsoft.AspNetCore.Authentication.Certificate
{
/// <summary>
/// Options used to configure certificate authentication.
/// </summary>
public class CertificateAuthenticationOptions : AuthenticationSchemeOptions
{
/// <summary>
/// Value indicating the types of certificates accepted by the authentication middleware.
/// </summary>
public CertificateTypes AllowedCertificateTypes { get; set; } = CertificateTypes.Chained;
/// <summary>
/// Flag indicating whether the client certificate must be suitable for client
/// authentication, either via the Client Authentication EKU, or having no EKUs
/// at all. If the certificate chains to a root CA all certificates in the chain must be validate
/// for the client authentication EKU.
/// </summary>
public bool ValidateCertificateUse { get; set; } = true;
/// <summary>
/// Flag indicating whether the client certificate validity period should be checked.
/// </summary>
public bool ValidateValidityPeriod { get; set; } = true;
/// <summary>
/// Specifies which X509 certificates in the chain should be checked for revocation.
/// </summary>
public X509RevocationFlag RevocationFlag { get; set; } = X509RevocationFlag.ExcludeRoot;
/// <summary>
/// Specifies conditions under which verification of certificates in the X509 chain should be conducted.
/// </summary>
public X509RevocationMode RevocationMode { get; set; } = X509RevocationMode.Online;
/// <summary>
/// The object provided by the application to process events raised by the certificate authentication middleware.
/// The application may implement the interface fully, or it may create an instance of CertificateAuthenticationEvents
/// and assign delegates only to the events it wants to process.
/// </summary>
public new CertificateAuthenticationEvents Events
{
get { return (CertificateAuthenticationEvents)base.Events; }
set { base.Events = value; }
}
}
}