問題描述
在我的組織中,用戶必須使用智能卡以交互方式登錄到 Windows 站點(diǎn)(95、Vista 和 7).幾乎每天,我們都需要讀取存儲(chǔ)在 SmartCard 中的憑據(jù)并將它們與 ActiveDirectory 進(jìn)行比較,而無需實(shí)現(xiàn)自定義憑據(jù)管理器.我們比較的字段是:userPrincialName 和 sAMAccountName.
In my organization, users must use SmartCard for interactive login to a Windows stations (95,Vista and 7). almost daily, we need to read the credentials stored in the SmartCard and compaire them with the ActiveDirectory, without implementing a custom credentials manager. The fields we compare are: userPrincialName and sAMAccountName.
能否給我看一段代碼,演示如何從 SmartCard 讀取憑據(jù)或引導(dǎo)我閱讀 Internet 上的文章/代碼?
Can you please show me a code that demonstrates how to read the credentials from the SmartCard or guide me to an article / code on the internet?
在 Internet 上的搜索建議實(shí)施憑證管理器或使用其他語言(如 C、C++).另外,我看到了這篇文章:http://www.codeproject.com/Articles/17013/Smart-Card-Framework-for-NET 由 orouit 編寫,這是一個(gè)使用智能卡的框架 - 但我認(rèn)為這對(duì)于我的簡(jiǎn)單任務(wù)來說太過分了.你怎么看?
A search over internet suggeted implementing credentials manager or using other languages (like C, C++). Also, I came across this article : http://www.codeproject.com/Articles/17013/Smart-Card-Framework-for-NET written by orouit, which is a framework for working with SmartCards - but I think this too much for my simple task. What do you think?
推薦答案
好吧,如果在 windows 下開發(fā),一旦你插入智能卡 windows 會(huì)從智能卡中獲取所有證書并將它們放到我的證書存儲(chǔ)中.
Well if developing under windows, once you insert smart card windows will fetch all certificates from the smart card place them to the My certificate store.
var smartCardCerts = new List<X509Certificate2>();
var myStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
myStore.Open(OpenFlags.ReadOnly);
foreach(X509Certificate2 cert in myStore.Certificates)
{
if( !cert.HasPrivateKey ) continue; // not smartcard for sure
var rsa = cert.PrivateKey as RSACryptoServiceProvider;
if( rsa==null ) continue; // not smart card cert again
if( rsa.CspKeyContainerInfo.HardwareDevice ) // sure - smartcard
{
// inspect rsa.CspKeyContainerInfo.KeyContainerName Property
// or rsa.CspKeyContainerInfo.ProviderName (your smartcard provider, such as
// "Schlumberger Cryptographic Service Provider" for Schlumberger Cryptoflex 4K
// card, etc
var name = cert.Name;
rsa.SignData(); // to confirm presence of private key - to finally authenticate
}
}
現(xiàn)在基本上可以通過 .NET 獲得很多加密 API.但是你也可以直接使用 API Crypto API
basically a lot of crypto API is available via .NET nowdays. But you could also use API directly Crypto API
例如您可以通過
CryptAcquireContext(&hProv,"\.<Reader Name><Container Name>",...)
其中讀卡器名稱是讀卡器名稱,容器名稱是上面代碼片段中的任何 rsa.KeyContainerName.有多種方法可以訪問這樣的信息,而 Crypto API 不是很一致或直接.作為提示,.NET 版本的 CryptAcquireContext 是帶有 CspParameters 的 RSACryptoServiceProvider,如果需要,您可以在其中指定容器名稱.
where reader name is card reader name and container name is whatever rsa.KeyContainerName in code snippet above. There are multiple ways to access information like that and Crypto API is not very consistent or straightforward. as a hint .NET version of CryptAcquireContext is RSACryptoServiceProvider with CspParameters where you can specify container name if needed.
在 ActiveDirectory 中找到用戶可以通過 System.DirectoryServices.DirectoyEntry 和 System.DirectoryServices.DirectorySearcher 來完成,但不要忘記 System.DirectoryServices.ActiveDirectory.Forest 和相關(guān)的 API,它使某些事情更容易弄清楚.
Well finding user in ActiveDirectory may be done via System.DirectoryServices.DirectoyEntry and System.DirectoryServices.DirectorySearcher, but do not forget System.DirectoryServices.ActiveDirectory.Forest and related API which makes some things a lot easier to figure out.
你可以得到
這篇關(guān)于如何從 C# 中的智能卡讀取憑據(jù)的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!