Represents a constraint on the identity of a client or server in a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) connection. This class is used to validate the X.509 certificate presented by the remote party.
Syntax
public abstract class IdentityConstraint
Classes that inherit from IdentityConstraint
The following table lists the classes that inherit from IdentityConstraint.
Public Abstract Classes
| Class | Description |
|---|---|
| IdentityConstraint | Represents a constraint on the identity of a client or server in a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) connection. |
Remarks
The IdentityConstraint class is an abstract base class. You typically do not instantiate this class directly. Instead, you use derived classes such as DnsIdentityConstraint or UpnIdentityConstraint to specify the particular type of identity constraint you want to enforce.
When establishing a TLS/SSL connection, the remote party presents an X.509 certificate. The IdentityConstraint object is used to compare the identity information within that certificate against the expected identity. If the identities do not match, the connection may be terminated.
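The comparison described above, carried out in real code: an added example (not code from this page, and not part of any .NET IdentityConstraint type) that enforces an expected DNS name from inside a RemoteCertificateValidationCallback using only System.Security.Cryptography.X509Certificates APIs. The DnsNameValidator class and its DnsNameMatches helper are hypothetical names introduced here.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not a .NET type): enforces an expected DNS name from inside a
// RemoteCertificateValidationCallback, the comparison the Remarks attribute to a DNS constraint.
public sealed class DnsNameValidator
{
    private readonly string _expectedDnsName;

    public DnsNameValidator(string expectedDnsName) { _expectedDnsName = expectedDnsName; }

    // Same signature as RemoteCertificateValidationCallback, so it can be handed to SslStream.
    public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        // Never override chain or built-in name errors: a failed chain is a failed identity.
        if (errors != SslPolicyErrors.None || certificate == null) return false;

        X509Certificate2 cert = certificate as X509Certificate2 ?? new X509Certificate2(certificate);

        // GetNameInfo yields the first DNS name from the Subject Alternative Name extension,
        // falling back to the subject CN. Certificates carrying several SAN entries need the
        // whole SAN list instead (X509SubjectAlternativeNameExtension on .NET 8 and later).
        string presented = cert.GetNameInfo(X509NameType.DnsName, forIssuer: false);
        return DnsNameMatches(presented, _expectedDnsName);
    }

    // RFC 6125 style matching: exact (case-insensitive) match, or a wildcard that replaces only
    // the whole left-most label and whose remaining part has at least two labels of its own.
    public static bool DnsNameMatches(string presented, string expected)
    {
        if (string.IsNullOrEmpty(presented) || string.IsNullOrEmpty(expected)) return false;
        presented = presented.TrimEnd('.');
        expected = expected.TrimEnd('.');
        if (string.Equals(presented, expected, StringComparison.OrdinalIgnoreCase)) return true;
        if (!presented.StartsWith("*.", StringComparison.Ordinal)) return false;

        int dot = expected.IndexOf('.');
        if (dot <= 0) return false;                 // "*.example.com" never matches "example.com"
        string presentedParent = presented.Substring(2);
        string expectedParent = expected.Substring(dot + 1);
        return presentedParent.IndexOf('.') > 0     // reject "*.com"
            && string.Equals(presentedParent, expectedParent, StringComparison.OrdinalIgnoreCase);
    }
}
```

Hand the callback to SslStream as `new SslStream(stream, false, new DnsNameValidator(expected).Validate)` and still pass the same expected name as targetHost to AuthenticateAsClient, so SslStream's own name check and the SNI it sends agree with the constraint.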
Examples
The following example demonstrates how to use a DnsIdentityConstraint to ensure that the server's identity matches a specific DNS name.
```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

public class SslClientExample
{
    public static void ConnectWithIdentityConstraint(string host, int port, string expectedDnsName)
    {
        try
        {
            using (TcpClient client = new TcpClient(host, port))
            using (SslStream sslStream = new SslStream(
                client.GetStream(),
                false,
                new RemoteCertificateValidationCallback(ValidateServerCertificate),
                null))
            {
                // Create a DNS identity constraint
                IdentityConstraint dnsConstraint = new DnsIdentityConstraint(expectedDnsName);

                // The RemoteCertificateValidationCallback will use the dnsConstraint implicitly.
                // In a real scenario, you might explicitly pass constraints if the API supported it.
                // For SslStream, the constraints are often set within the validation callback.
                //
                // The targetHost argument is the name SslStream checks the certificate against
                // (and sends as SNI), so the expected DNS name, not the connection host, goes here;
                // a mismatch reaches the callback as SslPolicyErrors.RemoteCertificateNameMismatch.
                // The final argument disables revocation checking; enable it in production.
                sslStream.AuthenticateAsClient(expectedDnsName, null, SslProtocols.Tls12, false);
                Console.WriteLine("SSL connection established successfully.");
                // Example: Send and receive data (omitted for brevity)
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Error: {ex.Message}");
        }
    }

    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // In this simplified example, we are just checking for basic errors.
        // In a real application, you would implement more robust validation,
        // potentially using the IdentityConstraint object here to perform the actual check.
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            // If no policy errors, the certificate is considered valid: the chain built to a
            // trusted root and the name matched the targetHost given to AuthenticateAsClient.
            // A more advanced implementation would compare certificate properties
            // against the configured IdentityConstraint.
            return true;
        }
        Console.WriteLine($"Certificate error: {sslPolicyErrors}");
        return false; // Reject the connection if there are policy errors
    }

    // Example of how to use the method
    public static void Main(string[] args)
    {
        // Replace with actual server details
        string serverHost = "example.com";
        int serverPort = 443;
        string requiredDns = "www.example.com";
        ConnectWithIdentityConstraint(serverHost, serverPort, requiredDns);
    }
}

// Note: DnsIdentityConstraint is a conceptual example here.
// For actual .NET implementation, you'd often use methods like
// RemoteCertificateValidationCallback to perform the validation logic.
// The concept of IdentityConstraint is fundamental to how these callbacks work.
// The MSDN documentation usually refers to specific derived classes.
// This example illustrates the principle of constraining an identity.
// For explicit IdentityConstraint usage, refer to specific API documentation
// that directly accepts such objects, e.g., in some WCF configurations.
```
Requirements
| Platform | Version |
|---|---|
| .NET Framework | 1.1 |
| .NET Standard | 2.0 |
| .NET Core | 1.0 |