micahhoover micahhoover - 5 months ago 41
C# Question

filtering client certificates like browser

I have a smart card reader. When I attempt to visit a website that accepts client certificates, the browser gives me a list of 2 or 3 client certificates.

All of these certificate options are closely related to cards that have been used from my machine.

When I try to access these options via the X509Store class in .NET, I get back 256 options. That is too many for the user to sort through!

X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

Most of the certificates the user should NOT pick start with an asterisk, so I can easily filter out 80% or so. For example:


My question is: how can I narrow the options down to a manageable level like my browser (Chrome) but from .NET?


First of all, open the certificate store as read-only:


Next, you have to filter by application policy = client authentication:

// 1.3.6.1.5.5.7.3.2 is the Enhanced Key Usage OID for client authentication
var certs = store.Certificates.Find(X509FindType.FindByApplicationPolicy, "1.3.6.1.5.5.7.3.2", true);

The certs variable will store only valid certificates (trusted, non-revoked, time-valid, etc.) that are suitable for client authentication.

When done, close the store:
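The steps from the answer above combined into one program, as an added example that is not part of the original answer. The class and method names are hypothetical, `1.3.6.1.5.5.7.3.2` is the standard client-authentication EKU OID, and the `HasPrivateKey` filter and the sort order are additions that go beyond what the answer describes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPicker   // hypothetical name, not from the original page
{
    // id-kp-clientAuth: Enhanced Key Usage OID for TLS client authentication.
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2";

    static List<X509Certificate2> GetClientAuthCandidates()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        // Listing needs no write access, so open read-only (least privilege).
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        try
        {
            // validOnly: true drops certificates that fail validation.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByApplicationPolicy, ClientAuthOid, true);

            return matches.Cast<X509Certificate2>()
                // Added filter (assumption): a certificate without an associated
                // private key cannot be used to authenticate, so hide it.
                .Where(c => c.HasPrivateKey)
                // Show the certificate that expires last first.
                .OrderByDescending(c => c.NotAfter)
                .ToList();
        }
        finally
        {
            store.Close();   // always release the store handle
        }
    }

    static void Main()
    {
        foreach (X509Certificate2 cert in GetClientAuthCandidates())
        {
            Console.WriteLine("{0} | issuer: {1} | expires: {2:yyyy-MM-dd} | {3}",
                cert.GetNameInfo(X509NameType.SimpleName, false),
                cert.GetNameInfo(X509NameType.SimpleName, true),
                cert.NotAfter,
                cert.Thumbprint);
        }
    }
}
```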