将不可导出的客户端证书附加到UWP应用中的HttpClient请求

Question

有关此问题：How to attach a non-exportable client certificate to a request using C# HttpClient?

问题是所选证书的私钥在HttpClient请求中不可用。

在上述问题中，客户端应用程序是WPF（.NET Framework）；以管理员身份运行它可以允许其使用私钥，以便在对Web服务的请求中对客户端设备进行身份验证。

我的问题现在是关于在UWP应用程序（APPX程序包）中做同样的事情。

与另一个问题一样，用于选择和附加证书的C＃代码如下：

var subject = /* Distinctive subject name of the certificate known to exist in the store */;
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certificates = store.Certificates.Find(X509FindType.FindBySubjectName, subject, true);
// Known/verifiable at this point that certificates[0] is the correct client cert
var clientHandler = new HttpClientHandler();
clientHandler.ClientCertificates.Add(certificates[0]);
using (var client = new HttpClient(clientHandler))
{
    var response = await client.GetAsync(URL.Text);
    var result = await response.Content.ReadAsStringAsync();
    // ... etc...
}

应用清单当前看起来像这样：

<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" IgnorableNamespaces="uap mp rescap">
  <Identity Name="d2661072-54d4-45b3-8e5a-5f32a79876fe" Publisher="CN=me" Version="1.0.16.0" />
  <mp:PhoneIdentity PhoneProductId="d2661072-54d4-45b3-8e5a-5f32a79876fe" PhonePublisherId="00000000-0000-0000-0000-000000000000" />
  <Properties>
    <DisplayName>My app</DisplayName>
    <PublisherDisplayName>me</PublisherDisplayName>
    <Logo>Assets\StoreLogo.png</Logo>
  </Properties>
  <Dependencies>
    <TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.0.0" MaxVersionTested="10.0.0.0" />
  </Dependencies>
  <Resources>
    <Resource Language="x-generate" />
  </Resources>
  <Applications>
    <Application Id="App" Executable="$targetnametoken$.exe" EntryPoint="MyApp.UWP.App">
      <uap:VisualElements DisplayName="My App" Square150x150Logo="Assets\Square150x150Logo.png" Square44x44Logo="Assets\Square44x44Logo.png" Description="My app" BackgroundColor="transparent">
        <uap:DefaultTile Wide310x150Logo="Assets\Wide310x150Logo.png">
        </uap:DefaultTile>
        <uap:SplashScreen Image="Assets\SplashScreen.png" />
      </uap:VisualElements>
    </Application>
  </Applications>
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="sharedUserCertificates" />
    <uap:Capability Name="enterpriseAuthentication" />
    <rescap:Capability Name="runFullTrust" />
  </Capabilities>
  <Extensions>
    <Extension Category="windows.certificates">
      <Certificates />
    </Extension>
  </Extensions>
</Package>

问题在于，尽管上述C＃可以访问证书存储区并读取证书，但它只能访问公共部分；它无法根据需要使用私有部分来向服务器进行身份验证（服务器的行为就像请求中没有证书一样。）

鉴于所需的证书已放置在“本地计算机”的“个人”存储中，并且不可导出，那么UWP是否可以使用该证书，如果可以，如何使用？