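/// <summary>
/// Resolves a client-certificate credential for <paramref name="credentialRequestInfos"/>:
/// looks up the valid Client Authentication certificates in the current user's personal store,
/// lets the user pick one through <see cref="X509Certificate2UI.SelectFromCollection"/>,
/// and hands the outcome to <paramref name="callback"/>.
/// </summary>
/// <param name="credentialRequestInfos">The request whose <c>Url</c> is named in the selection dialog.</param>
/// <param name="callback">Receives either a credential carrying the chosen certificate (error null), or
/// a null credential with an <see cref="System.Security.Authentication.AuthenticationException"/> when no
/// usable certificate exists, the store cannot be read, or the user cancels the dialog.</param>
/// <exception cref="ArgumentNullException"><paramref name="callback"/> is null.</exception>
private static void ChallengeCertificate(IdentityManager.CredentialRequestInfos credentialRequestInfos, Action<IdentityManager.Credential, Exception> callback)
{
    // Fail before any store access or UI prompt rather than with a NullReferenceException at the end.
    if (callback == null)
    {
        throw new ArgumentNullException(nameof(callback));
    }

    X509Certificate2Collection certificates = FindClientAuthenticationCertificates();

    if (certificates != null && certificates.Count > 0)
    {
        // Let the user select/validate the certificate. The dialog names the resource and the
        // server so the user can see which site is asking before handing over a certificate.
        string url = credentialRequestInfos.Url;
        string resourceName = GetResourceName(url);
        IdentityManager.ServerInfo serverInfo = IdentityManager.Current.FindServerInfo(url);
        string server = serverInfo == null ? ExtractServerOrigin(url) : serverInfo.ServerUrl;
        string message = string.Format(Properties.Resources.SignInDialog_CertificateRequired, resourceName, server); // certificate required to access {0} on {1}
        certificates = X509Certificate2UI.SelectFromCollection(certificates, null, message, X509SelectionFlag.SingleSelection);
    }

    IdentityManager.Credential credential = null;
    Exception error = null;
    if (certificates != null && certificates.Count > 0)
    {
        credential = new IdentityManager.Credential { ClientCertificate = certificates[0] };
    }
    else
    {
        // Note : Error type is not that important since the error returned to the user is the initial HTTP error (Authorization Error)
        error = new System.Security.Authentication.AuthenticationException();
    }
    callback(credential, error);
}

/// <summary>
/// Returns the Client Authentication certificates from the current user's personal store that pass
/// the store's validity check, or null when the store cannot be opened or searched.
/// </summary>
private static X509Certificate2Collection FindClientAuthenticationCertificates()
{
    const string clientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth (Client Authentication EKU)
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    try
    {
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        // validOnly = true: only certificates that pass .NET's validity check (chain builds, within
        // the validity period) are offered to the user.
        return store.Certificates.Find(X509FindType.FindByApplicationPolicy, clientAuthOid, true);
    }
    catch (Exception)
    {
        // Any failure to read the store is treated as "no certificate available"; the caller then
        // reports an authentication error instead of aborting the sign-in flow.
        return null;
    }
    finally
    {
        store.Close();
    }
}

/// <summary>
/// Extracts the scheme and authority ("http://host[:port]" or "https://host[:port]") from
/// <paramref name="url"/>; returns an empty string when the URL has no http(s) prefix.
/// </summary>
private static string ExtractServerOrigin(string url)
{
    // The former pattern "http.?//" matched "http://" but never "https://": the optional character
    // consumed the 's' and "//" then failed against "://", leaving the dialog with an empty server.
    return Regex.Match(url ?? string.Empty, "https?://[^/]*", RegexOptions.IgnoreCase).Value;
}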