CertificateMapping Class
Represents a mapping between a client certificate and a Windows user account.
This class is used to associate a client certificate with a specific Windows user account, enabling Windows integrated authentication scenarios when using SSL/TLS.
Syntax
```csharp
public sealed class CertificateMapping
```
Remarks
The CertificateMapping class allows administrators to configure how client certificates presented during an SSL/TLS handshake are mapped to Windows user accounts. This is particularly useful in scenarios where the server needs to authenticate the client using a certificate and then impersonate that client's Windows account to access local resources.
When a client presents a certificate, the system can use the configured mappings to find a corresponding Windows user account. If a match is found, the client's identity is established as that Windows user.
Methods
| Name | Description |
|---|---|
| GetClientCertificate() | Retrieves the client certificate associated with this mapping. |
| GetUserAccount() | Retrieves the Windows user account associated with this mapping. |
| SetCertificate(X509Certificate2 certificate) | Sets the client certificate for this mapping. |
| SetUserAccount(string userPrincipalName) | Sets the Windows user account for this mapping using its User Principal Name (UPN). |
Properties
| Name | Description |
|---|---|
| StoreName | Gets or sets the name of the certificate store to search for client certificates. |
| StoreLocation | Gets or sets the location of the certificate store. |
| Issuer | Gets or sets the issuer name of the client certificate. |
| SubjectDistinguishedName | Gets or sets the subject distinguished name of the client certificate. |
Example
Mapping a Client Certificate to a User Account
The following example demonstrates how to create a CertificateMapping object, associate a client certificate from the 'My' certificate store with a specific Windows user account, and configure the mapping.
```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public class CertificateMappingExample
{
    public static void Main(string[] args)
    {
        try
        {
            // Specify the certificate details
            string certificateThumbprint = "YOUR_CERTIFICATE_THUMBPRINT"; // Replace with actual thumbprint
            string userName = "DOMAIN\\Username"; // Replace with actual username

            // Find the client certificate
            X509Certificate2 clientCertificate = FindCertificateByThumbprint(certificateThumbprint);

            if (clientCertificate != null)
            {
                // Create a CertificateMapping object
                CertificateMapping mapping = new CertificateMapping();

                // Set the certificate and user account
                mapping.SetCertificate(clientCertificate);
                mapping.SetUserAccount(userName);

                // Configure the certificate store for the mapping
                mapping.StoreName = "My";
                mapping.StoreLocation = StoreLocation.LocalMachine;

                // In a real scenario, you would typically integrate this mapping
                // with your SSL/TLS server configuration. For demonstration,
                // we'll just show how to access the configured details.
                Console.WriteLine("Certificate Mapping Created:");
                Console.WriteLine($"  Issuer: {mapping.Issuer}");
                Console.WriteLine($"  Subject: {mapping.SubjectDistinguishedName}");
                Console.WriteLine($"  Mapped to User: {mapping.GetUserAccount()}");
                Console.WriteLine($"  Certificate Store: {mapping.StoreName} ({mapping.StoreLocation})");
            }
            else
            {
                Console.WriteLine($"Client certificate with thumbprint '{certificateThumbprint}' not found.");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }

    // Helper method to find a certificate by thumbprint
    private static X509Certificate2 FindCertificateByThumbprint(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false returns certificates even if they are expired or do not
            // chain to a trusted root; pass true (or validate the chain separately)
            // before using a certificate for authentication.
            X509Certificate2Collection certificates = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);

            if (certificates.Count > 0)
            {
                return certificates[0];
            }
            return null;
        }
    }
}
```
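Because a mapping establishes a Windows identity, the certificate should pass chain, revocation and key-usage checks before it is mapped. The following added example (not part of the original page) shows a hypothetical `ValidatedCertificateMapping.TryCreate` helper that builds the chain with `X509Chain`, requires the Client Authentication EKU, and only then calls the `CertificateMapping` methods and properties described above.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ValidatedCertificateMapping
{
    // id-kp-clientAuth extended key usage (RFC 5280).
    private const string ClientAuthEkuOid = "1.3.6.1.5.5.7.3.2";

    // Returns a mapping only if the certificate chains to a trusted root, is not
    // revoked, is within its validity period and is marked for client authentication.
    // Otherwise returns null and reports why in 'reason'.
    public static CertificateMapping TryCreate(
        X509Certificate2 certificate, string userPrincipalName, out string reason)
    {
        reason = null;

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            chain.ChainPolicy.ApplicationPolicy.Add(new Oid(ClientAuthEkuOid));

            if (!chain.Build(certificate))
            {
                reason = string.Join("; ",
                    chain.ChainStatus.Select(s => s.StatusInformation.Trim()));
                return null;
            }
        }

        // Windows treats a certificate with no EKU extension as valid for any
        // application policy, so additionally require an explicit client-auth EKU.
        bool hasClientAuthEku = certificate.Extensions
            .OfType<X509EnhancedKeyUsageExtension>()
            .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthEkuOid));
        if (!hasClientAuthEku)
        {
            reason = "certificate lacks the Client Authentication EKU";
            return null;
        }

        var mapping = new CertificateMapping();
        mapping.SetCertificate(certificate);
        mapping.SetUserAccount(userPrincipalName);
        mapping.StoreName = "My";
        mapping.StoreLocation = StoreLocation.LocalMachine;
        return mapping;
    }
}
```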
Requirements
Namespace: System.Net.Security
Assembly: System.Net.dll
Framework Versions: .NET Framework 4.5, .NET Core 2.0, .NET 5, .NET 6+