UWP:使用智能卡验证用户

时间:2019-04-04 16:26:29

标签: uwp certificate smartcard

我需要编写一些UWP功能,以便可以从TPM虚拟智能卡验证用户身份。理想情况下,我想利用浏览器中弹出的窗口,该弹出窗口要求您选择证书,然后提示您输入图钉(如果该图钉与以下智能卡绑定)。

enter image description here

我在以下帖子中找到了以下代码:User login with Smart Card for Windows UWP app,但是在尝试签名“提供者由于上下文被获取为静默而无法执行操作”时,我遇到了同样的问题。

ReadOnlyList<Certificate> Certs;
        CertificateQuery CertQuery = new CertificateQuery();
        CertQuery.HardwareOnly = true;

        Certs = await CertificateStores.FindAllAsync(CertQuery);
        string strEncrypt = "test";
        IBuffer BufferToEncrypt = CryptographicBuffer.ConvertStringToBinary(strEncrypt, BinaryStringEncoding.Utf8);

        foreach (Certificate Cert in Certs)
        {
            Debug.WriteLine($"Cert: {Cert.Subject}");
            Debug.WriteLine($"Storagename: {Cert.KeyStorageProviderName}");
            if (Cert.HasPrivateKey && ((Cert.KeyStorageProviderName == "Microsoft Base Smart Card Crypto Provider") || Cert.KeyStorageProviderName == "Microsoft Smart Card Key Storage Provider"))
            {
                CryptographicKey Key = null;

                try
                {
                    Key = await PersistedKeyProvider.OpenKeyPairFromCertificateAsync(Cert, HashAlgorithmNames.Sha1, CryptographicPadding.RsaPkcs1V15);
                    Debug.WriteLine("Got keypair");

                }
                catch (Exception ex)
                {
                    // Could not open Smart Card Key Pair
                    Debug.WriteLine("Could not open Smart Card Key Pair");
                }

                if (Key != null)
                {
                    try
                    {
                        // Try to Sign with Cert Private key 
                        IBuffer EncryptedBuffer = CryptographicEngine.Sign(Key, BufferToEncrypt);                            
                        Debug.WriteLine("Signing successful");
                    }
                    catch (Exception ex)
                    {
                        // Could not sign   
                        Debug.WriteLine("Could not sign");
                        Debug.WriteLine($"Error: {ex.Message}");
                    }
                }
            }
        }

有没有办法产生相同的弹出窗口?我必须自己构建它吗?如果没有,如果我以编程方式选择证书,那么如何提示输入图钉并进行验证?

我正在寻找上面显示的功能,该功能也与Android中存在的KeyChain.ChoosePrivateKeyAlias和IKeyChainAliasCallback相似,如果有人熟悉,它也允许用户选择证书。

编辑1

更改线路:

IBuffer EncryptedBuffer = await CryptographicEngine.Sign(Key, BufferToEncrypt);


IBuffer EncryptedBuffer = await CryptographicEngine.SignAsync(Key, BufferToEncrypt);

确实提示我输入图钉,但我仍然需要找出用于选择证书的弹出式窗口,而不是通过编程方式选择它。

编辑2 您可以使用

显示“选择证书”窗口 
        CredentialPickerOptions options = new CredentialPickerOptions();
        options.AuthenticationProtocol = AuthenticationProtocol.Ntlm;
        options.Message = "Please select your certificate";
        options.Caption = "Select a Certificate";
        options.TargetName = ".";
        options.CredentialSaveOption = CredentialSaveOption.Hidden;

        CredentialPickerResults credentialsPicked = await 
        CredentialPicker.PickAsync(options);

但是, CredentialPickerResults 具有一个 Credential 字段,该字段的类型为 IBuffer 。我不清楚我应该怎么做才能直接获取证书或使用它在证书存储区中进行查找以获取所选的证书。

0 个答案:

没有答案
相关问题
最新问题