Multiple SMIME Certificates in AD Property "userCertificate"

  • Question

  • Hi...

    I am writing some code to send SMIME Encrypted MailMessage objects using X509Certificates.  I have a certificate template that created certificates and stores them in Active Directory in the "userCertificate" Property.  The code is able to successfully query LDAP and retrieve the property.  Unfortunately, it is possible to store multiple certificates (enumerated) in this property.  Does anyone know the best method to retrieve the correct certificate?  Here is some code...

    using System;
    using System.DirectoryServices;
    using System.Security.Cryptography.X509Certificates;

    1   string ADSFilter = "(&(objectCategory=user)(mail=someone@somewhere.com))";  // locate the recipient by mail address
    2   string[] LoadProps = new string[] { "userCertificate" };                     // the multi-valued attribute that holds the DER-encoded certificates
    3   DirectoryEntry de = new DirectoryEntry("LDAP://RootDSE");
    4   String strLDAPPath = de.Properties["defaultNamingContext"][0].ToString();    // e.g. DC=somewhere,DC=com
    5   DirectoryEntry domain = new DirectoryEntry("LDAP://" + strLDAPPath);
    6   domain.AuthenticationType = AuthenticationTypes.Secure;                      // Kerberos/NTLM bind with the caller's credentials
    7
    8   DirectorySearcher searcher = new DirectorySearcher(domain);
    9   searcher.SearchScope = SearchScope.Subtree;
    10  searcher.ReferralChasing = ReferralChasingOption.All;
    11  searcher.PropertiesToLoad.AddRange(LoadProps);
    12  searcher.Filter = ADSFilter;
    13  SearchResult search = searcher.FindOne();                                    // null if no user matches the filter
    14  DirectoryEntry entry = search.GetDirectoryEntry();
    15
    16  X509Certificate2 certificateEncryptAD = new X509Certificate2((byte[])entry.Properties["usercertificate"][2]);  // index 2 is hard-coded: this is the problem

    The last line (16) is the problem.  I happen to have 4 certificates, but the 3rd one (index of 2) is the correct one...how can I discover this programmatically?  This value cannot be hard coded because every user may have different certificates.

    Thanks!
    Wednesday, July 2, 2008 7:15 PM
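The following is an added example, not code from the original poster, showing how a practitioner would pick the encryption certificate out of the userCertificate values instead of indexing into them. The values of a multi-valued LDAP attribute form a set with no guaranteed order, so index 2 is not stable even for the same user. The example parses every value, discards anything that is expired, lacks the Key Encipherment or Key Agreement key usage, lacks the Secure Email EKU (1.3.6.1.5.5.7.3.4), does not name the recipient's address, or does not build a chain to a trusted issuer with revocation checked, and then returns the most recently issued survivor. The class and method names, and the assumption that the issuing template puts the Secure Email EKU on the certificates, are mine; if the template omits that EKU, drop the EKU check.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical class name): choose the S/MIME encryption certificate for a
// recipient out of all values stored in the multi-valued AD attribute userCertificate.
static class SmimeCertificateSelector
{
    // id-kp-emailProtection, the "Secure Email" enhanced key usage (RFC 5280 section 4.2.1.12).
    const string SecureEmailEku = "1.3.6.1.5.5.7.3.4";

    // Wraps the DirectoryEntry from the post: every value of userCertificate is a DER-encoded byte[].
    public static X509Certificate2 FromDirectoryEntry(DirectoryEntry entry, string mailAddress)
    {
        IEnumerable<byte[]> rawCerts = entry.Properties["userCertificate"].Cast<object>().OfType<byte[]>();
        return SelectEncryptionCertificate(rawCerts, mailAddress, DateTime.Now);
    }

    // Returns the newest certificate that is currently valid, permits key encipherment (or key
    // agreement), carries the Secure Email EKU, names the recipient's address and chains to a
    // trusted root; null when none qualifies. The position of a value in the attribute is never used.
    public static X509Certificate2 SelectEncryptionCertificate(IEnumerable<byte[]> rawCerts, string mailAddress, DateTime now)
    {
        var usable = new List<X509Certificate2>();
        foreach (byte[] raw in rawCerts)
        {
            X509Certificate2 cert;
            try { cert = new X509Certificate2(raw); }
            catch (CryptographicException) { continue; }   // not a parsable certificate, skip it
            if (IsUsableForSmimeEncryption(cert, mailAddress, now))
                usable.Add(cert);
        }
        return usable.OrderByDescending(c => c.NotBefore).FirstOrDefault();
    }

    static bool IsUsableForSmimeEncryption(X509Certificate2 cert, string mailAddress, DateTime now)
    {
        // NotBefore/NotAfter are reported in local time, so the caller passes DateTime.Now.
        if (now < cert.NotBefore || now > cert.NotAfter)
            return false;

        // An absent keyUsage or extendedKeyUsage extension imposes no restriction;
        // a present one must allow encrypting mail to this key.
        bool keyUsageOk = true;
        bool ekuOk = true;
        foreach (X509Extension ext in cert.Extensions)
        {
            var ku = ext as X509KeyUsageExtension;
            if (ku != null)
                keyUsageOk = (ku.KeyUsages & (X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.KeyAgreement)) != 0;

            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku != null)
                ekuOk = eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == SecureEmailEku);
        }
        if (!keyUsageOk || !ekuOk)
            return false;

        // The certificate must actually belong to this recipient: subject E= or SAN rfc822Name.
        string certEmail = cert.GetNameInfo(X509NameType.EmailName, false);
        if (!string.Equals(certEmail, mailAddress, StringComparison.OrdinalIgnoreCase))
            return false;

        // Whatever was published into the directory is just bytes; only a chain to a trusted
        // issuer, with revocation checked, makes this the right public key to encrypt to.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid(SecureEmailEku));
        return chain.Build(cert);
    }
}
```

Call it as `SmimeCertificateSelector.FromDirectoryEntry(entry, "someone@somewhere.com")` in place of line 16 and treat a null result as "no usable certificate for this recipient" rather than encrypting to whatever happens to be stored. The chain build is the part that matters most: a stale, revoked or attacker-planted value in userCertificate passes every other check if it was constructed to, but it will not chain to the enterprise CA. RevocationMode.Online needs network access to the CRL or OCSP responder; for offline unit tests set it to X509RevocationMode.NoCheck.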