
Definition

Assembly: Microsoft.OData.Mcp.Authentication.dll
Namespace: Microsoft.OData.Mcp.Authentication.Models
Inheritance: System.Object

Syntax

Microsoft.OData.Mcp.Authentication.Models.ClientCertificate

Summary

Configuration for client certificate authentication.

Remarks

Client certificates provide a secure method for authenticating the MCP server to authorization servers and downstream services. They offer better security than client secrets and support automatic rotation.

Constructors

.ctor

Initializes a new instance of the ClientCertificate class.

Syntax

public ClientCertificate()

.ctor

Initializes a new instance of the ClientCertificate class for store-based lookup by thumbprint.

Syntax

public ClientCertificate(string thumbprint, System.Security.Cryptography.X509Certificates.StoreLocation storeLocation = System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, System.Security.Cryptography.X509Certificates.StoreName storeName = System.Security.Cryptography.X509Certificates.StoreName.My)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| thumbprint | string | The certificate thumbprint. |
| storeLocation | System.Security.Cryptography.X509Certificates.StoreLocation | The certificate store location. |
| storeName | System.Security.Cryptography.X509Certificates.StoreName | The certificate store name. |

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentException | Thrown when thumbprint is null or whitespace. |

.ctor

Initializes a new instance of the ClientCertificate class for file-based certificates.

Syntax

public ClientCertificate(string filePath, string password = null)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| filePath | string | The path to the certificate file. |
| password | string? | The password for encrypted files (optional). |

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentException | Thrown when filePath is null or whitespace. |

.ctor Inherited

Inherited from object

Syntax

public Object()

Properties

Base64Data

Gets or sets the Base64-encoded certificate data.

Syntax

public string Base64Data { get; set; }

Property Value

Type: string? The certificate data in Base64 format (used when Source is Base64).

Remarks

This allows certificates to be embedded directly in configuration. While convenient for some scenarios, this method should be used carefully: a PFX/PKCS#12 blob in Base64 form carries the private key, so placing it in a configuration file exposes that key to anyone who can read the file.

CheckRevocation

Gets or sets a value indicating whether to check certificate revocation.

Syntax

public bool CheckRevocation { get; set; }

Property Value

Type: bool true if certificate revocation should be checked; otherwise, false.

Remarks

Revocation checking ensures the certificate hasn’t been revoked by the issuing authority. This requires network access to revocation services and may impact performance.

FilePath

Gets or sets the file path for file-based certificates.

Syntax

public string FilePath { get; set; }

Property Value

Type: string? The path to the certificate file (used when Source is File).

Remarks

The file path can point to various certificate formats including .pfx, .p12, .cer, and .crt files. Password-protected files require the Password property to be set.

Password

Gets or sets the password for encrypted certificate files.

Syntax

public string Password { get; set; }

Property Value

Type: string? The password to decrypt the certificate file.

Remarks

This password is used when loading encrypted certificate files such as .pfx or .p12 files. It should be stored securely and not logged.

Source

Gets or sets the source of the client certificate.

Syntax

public Microsoft.OData.Mcp.Authentication.Models.CertificateSource Source { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Authentication.Models.CertificateSource? The method used to locate and load the client certificate.

Remarks

Different certificate sources provide different levels of security and management complexity. Store-based certificates are typically more secure in production environments.

StoreLocation

Gets or sets the certificate store location.

Syntax

public System.Security.Cryptography.X509Certificates.StoreLocation StoreLocation { get; set; }

Property Value

Type: System.Security.Cryptography.X509Certificates.StoreLocation? The certificate store location (used when Source is Store).

Remarks

The store location determines which certificate store to search. CurrentUser is typically used for development, while LocalMachine is used for production services.

StoreName

Gets or sets the certificate store name.

Syntax

public System.Security.Cryptography.X509Certificates.StoreName StoreName { get; set; }

Property Value

Type: System.Security.Cryptography.X509Certificates.StoreName? The certificate store name (used when Source is Store).

Remarks

The store name determines which certificate store to search within the specified location. “My” (Personal) is the most common store for client certificates.

SubjectName

Gets or sets the certificate subject name for store-based lookup.

Syntax

public string SubjectName { get; set; }

Property Value

Type: string? The subject name of the certificate to locate.

Remarks

The subject name provides an alternative way to locate certificates when the thumbprint is not known. It should match the certificate’s subject field exactly.

Thumbprint

Gets or sets the certificate thumbprint for store-based lookup.

Syntax

public string Thumbprint { get; set; }

Property Value

Type: string? The thumbprint (SHA-1 hash) of the certificate to locate.

Remarks

The thumbprint uniquely identifies a certificate within a store. It should be specified without spaces or special characters.

ValidateChain

Gets or sets a value indicating whether to validate the certificate chain.

Syntax

public bool ValidateChain { get; set; }

Property Value

Type: bool true if the certificate chain should be validated; otherwise, false.

Remarks

Chain validation ensures the certificate is issued by a trusted certificate authority. Disabling this should only be done in development environments with self-signed certificates.

Methods

Equals Inherited Virtual

Inherited from object

Syntax

public virtual bool Equals(object obj)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| obj | object? | - |

Returns

Type: bool

Equals Inherited

Inherited from object

Syntax

public static bool Equals(object objA, object objB)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| objA | object? | - |
| objB | object? | - |

Returns

Type: bool

GetHashCode Inherited Virtual

Inherited from object

Syntax

public virtual int GetHashCode()

Returns

Type: int

GetType Inherited

Inherited from object

Syntax

public System.Type GetType()

Returns

Type: System.Type

LoadCertificate

Loads the certificate based on the configured source.

Syntax

public System.Security.Cryptography.X509Certificates.X509Certificate2 LoadCertificate()

Returns

Type: System.Security.Cryptography.X509Certificates.X509Certificate2 The loaded X.509 certificate.

Exceptions

| Exception | Description |
| --- | --- |
| InvalidOperationException | Thrown when the certificate cannot be loaded. |

MemberwiseClone Inherited

Inherited from object

Syntax

protected internal object MemberwiseClone()

Returns

Type: object

ReferenceEquals Inherited

Inherited from object

Syntax

public static bool ReferenceEquals(object objA, object objB)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| objA | object? | - |
| objB | object? | - |

Returns

Type: bool

ToString Override

Returns a string representation of the client certificate configuration.

Syntax

public override string ToString()

Returns

Type: string A summary of the certificate configuration.

ToString Inherited Virtual

Inherited from object

Syntax

public virtual string ToString()

Returns

Type: string?

Validate

Validates the client certificate configuration for consistency and completeness.

Syntax

public System.Collections.Generic.IEnumerable<string> Validate()

Returns

Type: System.Collections.Generic.IEnumerable<string> A collection of validation errors, or an empty collection if the configuration is valid.
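The following added example (not part of the reference page or the Microsoft.OData.Mcp project itself) shows the intended order of use: build a store-based ClientCertificate, run Validate() and fail closed on any error, then call LoadCertificate() and confirm a private key is present before the certificate is used for client authentication. The thumbprint value is a placeholder, and the HasPrivateKey check is standard X509Certificate2 behaviour, not something this class performs for you.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.OData.Mcp.Authentication.Models;

public static class McpClientCertificateLoader
{
    // Runs Validate() before LoadCertificate() so a misconfiguration surfaces as a
    // readable error list instead of a failed token request later on.
    public static X509Certificate2 LoadValidated(ClientCertificate config)
    {
        var errors = config.Validate().ToList();
        if (errors.Count > 0)
        {
            throw new InvalidOperationException(
                "Client certificate configuration is invalid: " + string.Join("; ", errors));
        }

        // LoadCertificate() throws InvalidOperationException if the certificate cannot be loaded.
        X509Certificate2 cert = config.LoadCertificate();

        // A client certificate without its private key cannot sign anything; fail closed here
        // rather than at the first authorization-server call.
        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException(
                $"Certificate {cert.Thumbprint} has no private key and cannot authenticate the MCP server.");
        }
        return cert;
    }

    public static void Example()
    {
        // Store-based lookup: the private key stays in the LocalMachine "My" store and never
        // appears in a file or configuration value. "THUMBPRINT_PLACEHOLDER" is a placeholder;
        // supply the real SHA-1 thumbprint without spaces.
        var config = new ClientCertificate(
            thumbprint: "THUMBPRINT_PLACEHOLDER",
            storeLocation: StoreLocation.LocalMachine,
            storeName: StoreName.My)
        {
            ValidateChain = true,    // only disable for self-signed certificates in development
            CheckRevocation = true,  // requires network access to the issuer's revocation service
        };

        X509Certificate2 cert = LoadValidated(config);

        // Log only non-secret identifiers; never the Password or Base64Data values.
        Console.WriteLine($"Loaded client certificate {cert.Thumbprint}, expires {cert.NotAfter:u}");
    }
}
```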