将证书安装到Windows本地用户证书存储在C＃ [英] Install certificates in to the Windows Local user certificate store in C#

问题描述

我在写一个Windows服务，需要证书存储中的几个证书才能连接到第三方Web服务。

I'm writing a Windows service that needs several certificates in the certificate store in order to connect to a third party web service.

在我的安装程序我调用小应用程序（C＃），创建一个用户来运行服务。

On my installer I call a small application (C#) that creates a user to run the service as.

它可以正常工作。

现在需要安装约10个证书（不要问！）到用户的证书存储，但是找不到任何简洁的编程方式这样做。

I now need to install about 10 certificates (don't ask!) into the users certificate store, but can't find any succinct programmatic way to do so.

任何提示？或者，我必须使用 COM 互操作...

Any hints? Or am I going to have to use COM interop...

推荐答案

原来你首先需要模拟用户。

Turns out you first need to impersonate the user.

模拟用户的小C＃类 ，您可以执行以下操作：

Using the very nice library described in A small C# Class for impersonating a User, you can do the following:

using (new Impersonator("username", "", "password"))
{
    try
    {
        X509Store serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;
        string certPath = Path.Combine(baseDir, certificateFolder);

        string certificateFile = "c:\\file.cert";
        string certificatePassword = "somePassword";
        string certificateLocation = certPath + "\\" + certificateFile;

        InstallCertificate(certificateLocation, certificatePassword);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
}

private static void InstallCertificate(string certificatePath, string certificatePassword)
{
    try
    {
        var serviceRuntimeUserCertificateStore = new X509Store(StoreName.My);
        serviceRuntimeUserCertificateStore.Open(OpenFlags.ReadWrite);

        X509Certificate2 cert;

        try
        {
            cert = new X509Certificate2(certificatePath, certificatePassword);
        }
        catch(Exception ex)
        {
            Console.WriteLine("Failed to load certificate " + certificatePath);
            throw new DataException("Certificate appeared to load successfully but also seems to be null.", ex);
        }

        serviceRuntimeUserCertificateStore.Add(cert);
        serviceRuntimeUserCertificateStore.Close();
    }
    catch(Exception)
    {
        Console.WriteLine("Failed to install {0}.  Check the certificate index entry and verify the certificate file exists.", certificatePath);
    }
}

请添加您自己的异常处理。如果您要添加多个证书，请保持X509Store在有效期内打开。

Please add your own exception handling. If you're adding multiple certificates keep the X509Store open for the duration for efficiency.

这篇关于将证书安装到Windows本地用户证书存储在C＃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！