问题
So Windows change the way it handles Smart Cards in Windows 10. I have an application that remembers the last selected certificate the user logged into the web application with. If the smart card was inserted, we'd give the user the
X509Certificate2UI.SelectFromCollection
With a collection built from scanning the personal stores for certs with the private key's value of CspKeyContainerInfo.Accessible was true.
While technically, everything still works, whenever Windows 10 attempts to see if the Private key is available, it prompts the user to "Insert the correct smart card."
So whenever a user get a new smart card, or logs in locally, they must go through some ugly prompts and clicking cancel until they get the correct certificate picker.
Currently, my code that checks if the hardware token is available looks like this:
public static bool IsCertificateAvailable(X509Certificate2 cert)
{
try
{
AsymmetricAlgorithm akeyInfo = cert.PrivateKey;
ICspAsymmetricAlgorithm keyInfo = akeyInfo as ICspAsymmetricAlgorithm;
if (keyInfo.CspKeyContainerInfo.Accessible)
{
Logger.Log(LogLevel.Info, "Certificate {0} has a private key", cert.GetSerialNumberString());
return true;
}
else //has no private key
{
Logger.Log(LogLevel.Info, "Certificate {0} has no private key", cert.GetSerialNumberString());
return false;
}
}
catch (CryptographicException)
{
return false;
}
}
Is there a way to accomplish the same task without the user having to click cancel?
来源:https://stackoverflow.com/questions/48411453/checking-for-the-accessibility-of-smart-card-private-keys-in-windows-10