我需要获取证书,并且想获取客户端,并且没有服务器,我可以这样做:
public static X509Certificate2 EscolherCertificado(string serial)
{
var store = new X509Store("MY", StoreLocation.CurrentUser);
var Key = new RSACryptoServiceProvider();
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = store.Certificates;
X509Certificate2Collection fcollection = collection.Find(X509FindType.FindBySerialNumber, serial, false);
if (fcollection.Count == 1)
{
return fcollection[0];
}
else { cod = "00000"; msgm = "not found"; return null; }
}
但是当我在服务器上发布时,它不起作用。有什么办法可以做到这一点吗?
我无法获取客户端证书,它返回错误,因为服务器上没有注册的证书。
编辑
我已经被告知这是可能的,我只是不知道该怎么做,我尝试的方法不起作用。
编辑
点击此链接,我确实遵守了,但它不起作用,它并不总是找到。我该怎么做才能纠正这个问题?
public static X509Certificate2 EscolherCertificado(string serial)
{
X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
userCaStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
X509Certificate2Collection findResult = certificatesInStore.Find(X509FindType.FindBySerialNumber, serial, true);
X509Certificate2 clientCertificate = null;
if (findResult.Count == 1)
{
clientCertificate = findResult[0];
}
else
{
throw new Exception("Unable to locate the correct client certificate.");
}
cod = "0000"; msgm = clientCertificate.ToString(); return clientCertificate;
}
catch
{
throw;
}
finally
{
userCaStore.Close();
}
据我所知,您无法访问客户端证书存储。为此,您必须为每个浏览器平台编写一个专有插件,并向客户端授予正确的访问权限。这是一项非常痛苦的任务。祝你好运。就我而言,我们最终开发了一个EXE,它可以完全访问客户端硬件和平台的功能。
代码如下:
private void ElegirCert()
{
System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store("MY", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser);
store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly);
System.Security.Cryptography.X509Certificates.X509Certificate2Collection collection = (System.Security.Cryptography.X509Certificates.X509Certificate2Collection)store.Certificates;
System.Security.Cryptography.X509Certificates.X509Certificate2Collection fcollection = (System.Security.Cryptography.X509Certificates.X509Certificate2Collection)collection;//.Find(System.Security.Cryptography.X509Certificates.X509FindType.FindByTimeValid, DateTime.Now, false);
try
{
Cert = System.Security.Cryptography.X509Certificates.X509Certificate2UI.SelectFromCollection(fcollection, "Elegir", "Seleccione el certificado que desea utilizar", System.Security.Cryptography.X509Certificates.X509SelectionFlag.SingleSelection)[0];
}
catch (Exception e)
{
}
store.Close();
}
我仍然认为使用唯一的浏览器功能无法获取客户端证书列表。有一种方法,它涉及创建一个扩展,该扩展与执行"艰苦工作"的可执行本机文件进行通信。这意味着,获取证书的完整列表并将其公开给用户。我认为在那之后,用户选择一个,然后 EXE 要求提供证书存储密码(如果有的话),然后 exe 对哈希进行数字签名等等......