從AD服務器檢索X509證書

Question

有沒有什麼辦法可以從AD服務器使用c＃來獲取X509公用證書以加密電子郵件。 現在我正在使用本地商店提取證書和加密郵件。

static public X509Certificate2 GetRecipientCertPublic(string recipientName) 
    {   

     X509Store storeAddressBook = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser); 
     storeAddressBook.Open(OpenFlags.ReadOnly); 
     X509Certificate2Collection certColl = storeAddressBook.Certificates.Find(X509FindType.FindBySubjectName, recipientName, false); 
     storeAddressBook.Close(); 
     if (certColl.Count != 0) 
     { 

      return certColl[0]; 
     } 
     else 
     { 
      return null; 
     } 
    } 

正如我在Outlook中看到的行爲是不同的。即使本地機器證書管理器中沒有配方的公共證書。它可以從組織的中央服務器或廣告服務器（我不太確定它）拿到公共證書併發送加密的郵件。

Answer 1

 DirectoryEntry de = new DirectoryEntry("LDAP://#####"); //Where ##### is the name of your AD server 
     DirectorySearcher dsearch = new DirectorySearcher(de); 
     dsearch.Filter = "(cn=#####)"; //Search how you want. Google "LDAP Filter" for more. 
     SearchResultCollection rc = dsearch.FindAll(); 
     X509Certificate stt = new X509Certificate(); 

     foreach (SearchResult r in rc) 
     { 

      if (r.Properties.Contains("userCertificate")) 
      { 
       Byte[] b = (Byte[])r.Properties["userCertificate"][0]; //This is hard coded to the first element. Some users may have multiples. Use ADSI Edit to find out more. 
       X509Certificate cert1 = new X509Certificate(b); 
      } 
     }