从AD服务器检索X509证书 [英] retrieving X509 certificates from AD Server
本文介绍了从AD服务器检索X509证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
有什么方法,我们可以使用C#从AD服务器加密电子邮件获取X509公共Cetrificates。
现在我使用本地商店获取证书和加密邮件。
Is there any way we can fetch X509 Public Cetrificates using c# from AD Server for Encrypting an Email. Right now I am using the local Store for Picking up the Certificates and Encrypting an Mail.
static public X509Certificate2 GetRecipientCertPublic(string recipientName)
{
X509Store storeAddressBook = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser);
storeAddressBook.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certColl = storeAddressBook.Certificates.Find(X509FindType.FindBySubjectName, recipientName, false);
storeAddressBook.Close();
if (certColl.Count != 0)
{
return certColl[0];
}
else
{
return null;
}
}
正如我看到的Outlook中的行为是不同的。即使Recipeint的公用证书在本地计算机证书管理器中不存在。它可以从组织的中心服务器或Ad服务器(我不很确定它)中获取公共证书,并发送加密的邮件。
As i see the behaviour in Outlook is different. Even if the public certificate of the Recipeint is not Present in the local Machines Certificate Manager. it is able to pick up the public certificate from centeral server of the organization or the Ad Server (i am not very sure about it) and send the encrypted mail.
推荐答案
DirectoryEntry de = new DirectoryEntry("LDAP://#####"); //Where ##### is the name of your AD server
DirectorySearcher dsearch = new DirectorySearcher(de);
dsearch.Filter = "(cn=#####)"; //Search how you want. Google "LDAP Filter" for more.
SearchResultCollection rc = dsearch.FindAll();
X509Certificate stt = new X509Certificate();
foreach (SearchResult r in rc)
{
if (r.Properties.Contains("userCertificate"))
{
Byte[] b = (Byte[])r.Properties["userCertificate"][0]; //This is hard coded to the first element. Some users may have multiples. Use ADSI Edit to find out more.
X509Certificate cert1 = new X509Certificate(b);
}
}
这篇关于从AD服务器检索X509证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
