Tags: c#, .net, x509certificate, x509, x509certificate2

Filtering client certificates like a browser


I have a smart card reader. When I attempt to visit a website that accepts client certificates, the browser gives me a list of 2 or 3 client certificates.

All of these certificate options are closely related to cards that have been used from my machine.

When I try to access these options via the X509Store class in .NET, I get back 256 options. That is too many for the user to sort through!

using System.Security.Cryptography.X509Certificates;

// Opens the current user's personal ("MY") store; this is where the 256 certificates come from.
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

Most of the certificates the user should NOT pick start with an asterisk, so I can easily filter out 80% or so. For example:

*.amazonaws.com *.slashdotmedia.com *.msedge.net

My question is: how can I narrow the options down to a manageable level like my browser (Chrome) does, but from .NET?


Solution

  • First of all, open the certificate store as read-only:

    store.Open(OpenFlags.ReadOnly);
    

    Next, filter by application policy = client authentication:

    // 1.3.6.1.5.5.7.3.2 is the id-kp-clientAuth extended key usage OID
    var certs = store.Certificates.Find(X509FindType.FindByApplicationPolicy, "1.3.6.1.5.5.7.3.2", true);
    

    The certs variable will then hold only valid certificates (trusted, non-revoked, time-valid, etc.) that are suitable for client authentication.

    When done, close the store:

    store.Close();
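The steps in the answer combined into one runnable program, as an added example rather than the answer's own code. It applies the same client-authentication filter with validOnly set, then adds the two checks a browser effectively makes that the answer does not mention: it only offers certificates it holds a private key for (on a smart card the CSP/KSP reports the key without touching the card), and it only offers certificates issued under one of the CA names the server lists in its TLS CertificateRequest. The class name ClientCertPicker, the method GetClientAuthCandidates and the acceptableIssuers parameter are names chosen for this example and do not exist in .NET.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

// Added example (not the original answer's code). Narrows CurrentUser\My down to
// the certificates a browser would offer for TLS client authentication.
static class ClientCertPicker
{
    // id-kp-clientAuth, RFC 5280 section 4.2.1.12
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2";

    // Hypothetical helper. acceptableIssuers is optional: when the server's
    // CertificateRequest lists CA names, pass them here to mimic the browser,
    // which only offers certificates issued under one of those CAs.
    public static X509Certificate2Collection GetClientAuthCandidates(
        bool requirePrivateKey = true,
        IEnumerable<string> acceptableIssuers = null)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = true builds a chain per certificate and drops expired,
            // untrusted and revoked ones; FindByApplicationPolicy keeps only those
            // usable for client authentication.
            X509Certificate2Collection clientAuth = store.Certificates.Find(
                X509FindType.FindByApplicationPolicy, ClientAuthOid, validOnly: true);

            var issuers = acceptableIssuers == null
                ? null
                : new HashSet<string>(acceptableIssuers, StringComparer.OrdinalIgnoreCase);

            var result = new X509Certificate2Collection();
            foreach (X509Certificate2 cert in clientAuth)
            {
                // A browser only offers certificates it can sign with. For a smart
                // card the CSP/KSP reports a private key; the card itself is only
                // touched when the key is used. Server certificates such as
                // *.amazonaws.com have no private key on this machine and drop out.
                if (requirePrivateKey && !cert.HasPrivateKey)
                    continue;

                // Simplification: compares the direct issuer DN only. A browser
                // also accepts a match anywhere further up the chain.
                if (issuers != null && !issuers.Contains(cert.Issuer))
                    continue;

                result.Add(cert);
            }
            return result;
        }
        finally
        {
            store.Close();
        }
    }

    static void Main()
    {
        foreach (X509Certificate2 cert in GetClientAuthCandidates())
        {
            Console.WriteLine("{0}\n  issuer:     {1}\n  expires:    {2:u}\n  thumbprint: {3}",
                cert.Subject, cert.Issuer, cert.NotAfter, cert.Thumbprint);
        }
    }
}
```

The store is closed in a finally block rather than a using statement so the code also compiles on .NET Framework versions where X509Store does not implement IDisposable. If you want to match Chrome exactly for one particular site, capture the certificate_authorities list the server sends in its CertificateRequest and pass those DNs as acceptableIssuers; without it the private-key check alone usually gets the list down to the handful of card certificates the browser shows.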