从AD服务器检索X509证书

Question

有没有什么办法可以从AD服务器使用c＃来获取X509公用证书以加密电子邮件。 现在我正在使用本地商店提取证书和加密邮件。

static public X509Certificate2 GetRecipientCertPublic(string recipientName) 
    {   

     X509Store storeAddressBook = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser); 
     storeAddressBook.Open(OpenFlags.ReadOnly); 
     X509Certificate2Collection certColl = storeAddressBook.Certificates.Find(X509FindType.FindBySubjectName, recipientName, false); 
     storeAddressBook.Close(); 
     if (certColl.Count != 0) 
     { 

      return certColl[0]; 
     } 
     else 
     { 
      return null; 
     } 
    } 

正如我在Outlook中看到的行为是不同的。即使本地机器证书管理器中没有配方的公共证书。它可以从组织的中央服务器或广告服务器（我不太确定它）拿到公共证书并发送加密的邮件。

Answer 1

 DirectoryEntry de = new DirectoryEntry("LDAP://#####"); //Where ##### is the name of your AD server 
     DirectorySearcher dsearch = new DirectorySearcher(de); 
     dsearch.Filter = "(cn=#####)"; //Search how you want. Google "LDAP Filter" for more. 
     SearchResultCollection rc = dsearch.FindAll(); 
     X509Certificate stt = new X509Certificate(); 

     foreach (SearchResult r in rc) 
     { 

      if (r.Properties.Contains("userCertificate")) 
      { 
       Byte[] b = (Byte[])r.Properties["userCertificate"][0]; //This is hard coded to the first element. Some users may have multiples. Use ADSI Edit to find out more. 
       X509Certificate cert1 = new X509Certificate(b); 
      } 
     }