FPCSSLClientCertificateRestriction Object

The FPCSSLClientCertificateRestriction object defines a requirement for restricting the Secure Sockets Layer (SSL) client certificates that a Web listener will accept for authentication.

A client certificate restriction may apply to one of the following fields:

A restriction may include an object identifier (OID) and a value that must be present in the specified field. For example, a certificate restriction can limit the client certificates that a Web listener will accept to those whose Enhanced Key Usage field contains the Smart Card Logon object identifier 1.3.6.1.4.1.311.20.2.2.

Client certificate restrictions are applicable only for SSL certificate authentication and forms-based authentication of clients requesting an HTTPS connection. They are enabled only if the SSLClientCertificateRestrictionsEnabled property of the FPCWebListenerProperties object for the Web listener is set to True.

The FPCSSLClientCertificateRestriction object is an element of an FPCSSLClientCertificateRestrictions collection, and a new object representing an SSL client certificate restriction can be created by calling the Add method of this collection. When the FPCSSLClientCertificateRestrictions collection for a Web listener contains more than one client certificate restriction, a client certificate that matches at least one of the restrictions will be accepted.

Click here to see the Forefront TMG object hierarchy.

Inheritance

This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting an object's data to and importing it from XML documents.

Methods

The FPCSSLClientCertificateRestriction object does not define any methods.

Properties

The FPCSSLClientCertificateRestriction object defines the following properties.

Property Description

CertificateRestrictionField

Gets or sets a value from the FpcCertificateRestrictionField enumerated type that specifies the certificate field to which the restriction applies.

Description

Gets or sets the description of the client certificate restriction.

Name

Gets or sets the name of the client certificate restriction.

OID

Gets or sets the object identifier (OID) to be used for determining a match with the field.

OIDMatchType

Gets or sets a value from the FpcOIDMatchType enumerated type that specifies the type of match required for the object identifier (OID).

Value

Gets or sets the string to be used for determining a match with the value in the field.

ValueMatchType

Gets or sets a value from the FpcValueMatchType enumerated type that specifies the type of match required for the value in the field.

Methods Inherited from FPCPersist

Name Description
CancelWaitForChanges Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only).
CanImport Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document.
Export Writes the stored values of all of the object's properties to the specified XML document.
ExportToFile Writes the stored values of all of the object's properties to the specified XML file.
GetServiceRestartMask Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect.
Import Copies the values of all of the object's properties from the specified XML document to persistent storage.
ImportFromFile Copies the values of all of the object's properties from the specified XML file to persistent storage.
LoadDocProperties Provides the XML document's properties so that you can know what information can be imported from the document.
Refresh Reads the values of all of the object's properties from persistent storage, overwriting any changes that have not been saved.
Save Writes the current values of all of the object's properties to persistent storage.
WaitForChanges Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only).

Properties Inherited from FPCPersist

Name Description
PersistentName Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy.
VendorParameterSets Gets an FPCVendorParametersSets object that can hold sets of custom data for extending the object.

Interfaces for C++ Programming

This object implements the IFPCSSLClientCertificateRestriction interface.

Requirements

Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).
IDL

Declared in Msfpccom.idl.

See Also

COM Objects


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.