I have a C# form (running on the client machine) which gathers all the user X509Certificates from the store, presents them to the user so they can pick the one they want to use. Then I pass the cert off to a webservice to do some work. This all works great! Problem is, the user is never prompted for the X509Certificate password? I can't find a method to "check password" once I have the X509Certificate from the store. I also thought about using the X509Certificate constructor, which needs the path and password, but I don't see a method to get the file path and name from the X509Certificate I grabbed from the store? Is it secure to just grab the certificate from the store and not ask for the user's password?
This is how I'm grabbing from the store:
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
for (int i = 0; i < store.Certificates.Count; i++)
{
X509Certificate c = store.Certificates[i];
...//add to GUI for user to pick here....
}
Thanks for any help, Steve