使用 Web 应用程序访问客户端证书智能卡 [英] Accessing client certificates smartcard with web application

问题描述

我要取证书，想取客户端，又没有服务器，我可以这样:

I need to fetch the certificate, and would like to fetch the client, and there is no server, I could do this form:

public static X509Certificate2 EscolherCertificado(string serial)
{
    var store = new X509Store("MY", StoreLocation.CurrentUser);

    var Key = new RSACryptoServiceProvider();
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    X509Certificate2Collection collection = store.Certificates;
    X509Certificate2Collection fcollection = collection.Find(X509FindType.FindBySerialNumber, serial, false);
    if (fcollection.Count == 1)
    {
        return fcollection[0];
    }
    else { cod = "00000"; msgm = "not found"; return null; }

}

但是当我在服务器上发布时它不起作用.有什么办法可以做到这一点吗?

But when I publish on the server it does not work. Is there any way I can do this?

我无法获取客户端证书，返回错误，因为服务器上没有注册证书.

I can not get the client certificate, it returns error, because on the server there are no registered certificates.

编辑

我已经被告知这是可能的，我只是不知道该怎么做，我尝试过的方法不起作用.

I have already been told that it is possible, I just do not know how to do it, the ways I tried does not work.

编辑

按照这个link，我确实遵守了，但它不起作用，它并不总是找到.我可以做些什么来纠正这个问题?

Following this link, I did comply, but it does not work, it does not always find. What can I do to correct this problem?

public static X509Certificate2 EscolherCertificado(string serial)
        {
        X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            userCaStore.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
            X509Certificate2Collection findResult = certificatesInStore.Find(X509FindType.FindBySerialNumber, serial, true);
            X509Certificate2 clientCertificate = null;
            if (findResult.Count == 1)
            {
                clientCertificate = findResult[0];
            }
            else
            {
                throw new Exception("Unable to locate the correct client certificate.");
            }
            cod = "0000"; msgm = clientCertificate.ToString(); return clientCertificate;
        }
        catch
        {
            throw;
        }
        finally
        {
            userCaStore.Close();
        }

推荐答案

我仍然认为使用唯一的浏览器功能无法获取客户端证书列表.有一种方法，它涉及创建一个扩展，该扩展与执行艰苦工作"的可执行本机文件进行通信.这意味着，获取完整的证书列表并将其公开给用户.我认为在那之后，用户选择一个，然后 EXE 要求提供证书存储密码(如果有)，然后 exe 对哈希进行数字签名等等......

I still think that it is not possible to get the list of client certificates using the sole browser capabilities. There is a way and it involves creating an extension which communicates with an Executable Native file that does the "hard work". That means, getting the full list of certificates and exposing it to the user. I think that after that, the user chooses one, then the EXE asks for the cert store password (if it has one), then the exe digitally signs the hash and whatever...

这篇关于使用 Web 应用程序访问客户端证书智能卡的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！