Documentation > .NET > .NET Framework > Interoperability > Security > Networking > System.Net > System.Net.Security > CertificateDelegationType

CertificateDelegationType Enumeration

Namespace: System.Net.Security
Assembly: System.dll

Specifies the types of certificate delegation that are supported.

Syntax

public enum CertificateDelegationType

Members

3
Member Description
None No certificate delegation is performed.
Certificate Certificate delegation is performed, allowing the client to delegate the certificate to the server.
Full Full certificate delegation is performed. This is a superset of Certificate.

Remarks

The CertificateDelegationType enumeration is used in conjunction with the System.Net.Security.NegotiateStream class to control how client certificates are handled during authentication.

When CertificateDelegationType.Certificate is specified, the client's certificate can be delegated to the server. This is useful in scenarios where the server needs to authenticate the client's identity using the client's certificate.

The CertificateDelegationType.Full option provides more comprehensive delegation capabilities, potentially including other aspects of the client's security context beyond just the certificate.

Requirements

Requirement Description
Client Windows 8, Windows 7, Windows Vista SP1, Windows XP SP3
Server Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 SP1
Framework .NET Framework 4.5, .NET Framework 4.0, .NET Framework 3.5, .NET Framework 3.0, .NET Framework 2.0
Header System.Net.Security.dll

See Also

Example

The following C# code demonstrates how to use CertificateDelegationType when authenticating as a server using NegotiateStream.

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class ServerExample
{
    public static async Task StartServer(int port)
    {
        TcpListener listener = new TcpListener(System.Net.IPAddress.Any, port);
        listener.Start();
        Console.WriteLine($"Server started on port {port}. Waiting for connections...");

        while (true)
        {
            TcpClient client = await listener.AcceptTcpClientAsync();
            _ = HandleClientAsync(client); // Fire and forget
        }
    }

    private static async Task HandleClientAsync(TcpClient tcpClient)
    {
        X509Certificate2 serverCertificate = GetServerCertificate(); // Implement this to get your server cert

        using (NetworkStream networkStream = tcpClient.GetStream())
        {
            // Specify CertificateDelegationType.Full for example
            using (SslStream sslStream = new SslStream(networkStream, false))
            {
                try
                {
                    await sslStream.AuthenticateAsServerAsync(serverCertificate,
                                                              clientCertificateRequired: true,
                                                              enabledSslProtocols: System.Security.Authentication.SslProtocols.Tls12,
                                                              checkCertificateRevocation: true,
                                                              certificateDelegationType: CertificateDelegationType.Full); // Using Full delegation

                    Console.WriteLine("Client authenticated successfully.");

                    // Perform secure communication here...
                    byte[] buffer = new byte[1024];
                    int bytesRead = await sslStream.ReadAsync(buffer, 0, buffer.Length);
                    string request = System.Text.Encoding.UTF8.GetString(buffer, 0, bytesRead);
                    Console.WriteLine($"Received: {request}");

                    string response = "Hello from server!";
                    byte[] responseData = System.Text.Encoding.UTF8.GetBytes(response);
                    await sslStream.WriteAsync(responseData, 0, responseData.Length);

                }
                catch (Exception ex)
                {
                    Console.WriteLine($"Authentication failed: {ex.Message}");
                }
            }
        }
        tcpClient.Close();
    }

    private static X509Certificate2 GetServerCertificate()
    {
        // In a real application, you would load your certificate securely
        // For example, from a file or the certificate store.
        // Replace with your actual certificate path and password.
        // string certificatePath = "path/to/your/server.pfx";
        // string certificatePassword = "your_password";
        // return new X509Certificate2(certificatePath, certificatePassword);

        // Placeholder: return a dummy certificate or null if not required for basic demo
        Console.WriteLine("WARNING: Using placeholder for GetServerCertificate(). Implement loading your actual server certificate.");
        return null; // Or load a valid certificate for real use
    }

    public static async Task Main(string[] args)
    {
        // await StartServer(12345); // Example port
    }
}