如何读取在C＃中从智能卡凭证 [英] How to read credentials from a SmartCard in c#

问题描述

在我的组织，用户必须使用智能卡进行交互式登录到Windows站（95，Vista和7）。几乎每天，我们需要读取存储在智能卡凭据，并与ActiveDirectory中compaire他们，没有实现自定义的凭证管理。我们比较这些字段是：userPrincialName而sAMAccountName

In my organization, users must use SmartCard for interactive login to a Windows stations (95,Vista and 7). almost daily, we need to read the credentials stored in the SmartCard and compaire them with the ActiveDirectory, without implementing a custom credentials manager. The fields we compare are: userPrincialName and sAMAccountName.

你能告诉我一个code，演示如何从智能卡读取证书或指导我的文章/ code在互联网上？

Can you please show me a code that demonstrates how to read the credentials from the SmartCard or guide me to an article / code on the internet?

一个搜索互联网suggeted实施凭证管理器或使用其他语言（如C，C ++）。 另外，我遇​​到了这篇文章：的http：// 。WWW codeproject.com /用品/ 17013 /智能卡的框架，为-NET 写orouit，这是与智能卡工作的框架 - 但我认为这太多了我的简单的任务。你怎么看？

A search over internet suggeted implementing credentials manager or using other languages (like C, C++). Also, I came across this article : http://www.codeproject.com/Articles/17013/Smart-Card-Framework-for-NET written by orouit, which is a framework for working with SmartCards - but I think this too much for my simple task. What do you think?

推荐答案

那么，如果在windows下开发，一旦你插入智能卡窗口将获取从智能卡中的所有证书它们放置在我的证书存储区。

Well if developing under windows, once you insert smart card windows will fetch all certificates from the smart card place them to the My certificate store.

var smartCardCerts = new List<X509Certificate2>();
var myStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
foreach(X509Certificate2 cert in myStore)
{
  if( !cert.HasPrivateKey ) continue; // not smartcard for sure
  var rsa = cert.PrivateKey as RSACryptoServiceProvider;
  if( rsa==null ) continue; // not smart card cert again
  if( rsa.CspKeyContainerInfo.HardwareDevice ) // sure - smartcard
  {
     // inspect rsa.CspKeyContainerInfo.KeyContainerName Property
     // or rsa.CspKeyContainerInfo.ProviderName (your smartcard provider, such as 
     // "Schlumberger Cryptographic Service Provider" for Schlumberger Cryptoflex 4K
     // card, etc
     var name = cert.Name;
     rsa.SignData(); // to confirm presence of private key - to finally authenticate
  }
}

基本上很多加密的API可通过.NET nowdays。但你也可以使用API​​直接加密API

例如，你可以直接通过

CryptAcquireContext(&hProv,"\\.\<Reader Name>\<Container Name>",...)

在这里阅读器的名字是读卡器名称和容器名称在上面code段无论rsa.KeyContainerName。有多种方式来获取信息这样的，加密API并不是非常一致，或直接。作为CryptAcquireContext的暗示.NET版本的RSACryptoServiceProvider与CspParameters，您可以根据需要指定容器名称。

where reader name is card reader name and container name is whatever rsa.KeyContainerName in code snippet above. There are multiple ways to access information like that and Crypto API is not very consistent or straightforward. as a hint .NET version of CryptAcquireContext is RSACryptoServiceProvider with CspParameters where you can specify container name if needed.

在ActiveDirectory中井发现用户可通过System.DirectoryServices.DirectoyEntry和System.DirectoryServices.DirectorySearcher做，但是不要忘了System.DirectoryServices.ActiveDirectory.Forest和相关的API，这使得一些事情更容易弄清楚。

Well finding user in ActiveDirectory may be done via System.DirectoryServices.DirectoyEntry and System.DirectoryServices.DirectorySearcher, but do not forget System.DirectoryServices.ActiveDirectory.Forest and related API which makes some things a lot easier to figure out.

您将能够获得

这篇关于如何读取在C＃中从智能卡凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！