Can't read CurrentUser certificates from X509Store

Tale Masinov · Mar 21, 2012 · Viewed 8.5k times

I'm developing an ASP.NET 4.0 web application, and I want to read the current user's certificates from X509Store. Reading the LocalMachine certificates works fine, but if I set the StoreLocation to CurrentUser, it gives me an empty collection.

The following code works fine:

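using System.Security.Cryptography.X509Certificates;

// Works with LocalMachine; switching to StoreLocation.CurrentUser gives an empty collection
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);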

I've checked my personal store (via certmgr.mmc) and I'm sure that I have the certificates.

What am I missing? (store.Certificates is empty)

Answer

Tale Masinov · Apr 18, 2012

It appears that you cannot access the Personal Certificate Store via a web application, no matter what application pool identity you're using.

It makes sense: a web application has no access to that location. :)

My solution:

I've developed an ActiveX control, which I think is the only way to access the Store. (Also, a Java Applet offers the same functionality.) I use the ActiveX control via JavaScript to access the Store, and send that information to the server.