none
How to get the Outlook current user's certificate? RRS feed

  • Question

  • I need to programmatically get the Outlook current user's certificate thumbprint (Outlook 2010/2013).  I'm pretty sure this is not available from the Outlook Object Model, so hopefully there is some property tag for the Recipient object that can be accessed with the PropertyAccessor.  The closest thing I could find was this thread ( https://social.msdn.microsoft.com/Forums/vstudio/en-US/79cd717d-b3a8-4ec8-8191-60b8d06a0d50/c-programmatically-add-certificate-to-outlook-contacts?forum=vsto#5125924e-554f-4bb1-86c2-c066e4e12f48 ) which gives an example of using the PropertyAccessor to get the certificate of a contact.  Unfortunately, this won't work for me, since the current Outlook user (Application.Session.CurrentUser) isn't guaranteed to have himself in his contact folder.

    If there is no certificate/thumbprint property tag for the Recipient object, then another option might be to get a reference to a Signed email from the current user's Sent Folder, but I'd need to know which property tag to use for the MailItem to get the certificate.

    Thursday, April 16, 2015 8:04 PM

Answers

  • Both tools allow to see the DASL name. In MFCMAPI you need to double click on the entry to see the dialog with the required information.
    Thursday, April 16, 2015 9:49 PM
  • For future reference the property is

    string PidTagAddressBookX509Certificate = @"http://schemas.microsoft.com/mapi/proptag/0x8C6A1102";

    You can use the PropertyAccessor on an AddressEntry or ExchangeUser to retrieve the property listed above.  Example:

    object[] result = myAddrEntry.PropertyAccessor.GetProperty(PidTagAddressBookX509Certificate);

    Then load the cert as follows:

    byte[] certBytes = (byte[])result[0];
    X509Certificate2 emailcert = new X509Certificate2(certBytes);

    Wednesday, April 22, 2015 8:43 PM

All replies

  • Hello,

    The CurrentUser property of the Namespace class returns an instance of the Recipient class which provides the AddressEntry property - the AddressEntry object corresponding to the resolved recipient. The GetContact method of the AddressEntry class returns a ContactItem object that represents the AddressEntry, if the AddressEntry corresponds to a contact in an Outlook Contacts Address Book (CAB).

    Try to use any low-level property viewer such MFCMAPI or OutlookSpy for searching the required property.

    Thursday, April 16, 2015 8:37 PM
  • Eugene,

    The problem with GetContact is that I'm pretty sure if the user doesn't have himself in his contacts, then it won't return anything.

    I'll take a look at using OutlookSpy to see if I can find the property though.

    Thursday, April 16, 2015 8:53 PM
  • Eugene,

    Update: I just discovered that if I create a new contact item with the current user's email address (which I can get from Application.Session.CurrentUser.AddressEntry.GetExchangeUser().PrimarySmtpAddress), then Outlook correctly 'maps it' to the correct recipient from the GAL.  So when my addin initially starts then I think I could create the ContactItem for the current user and refer to it later.  I don't know if this is completely foolproof though.

    Question:

    Does OutlookSpy or MFCMAPI tell you what the 'DASL string property tag' is (example: "http://schemas.microsoft.com/mapi/proptag/0x3A701102") such that it can be used with PropertyAccessor?

    Thursday, April 16, 2015 9:10 PM
  • Yes, OutlookSpy shows the DASL property names for all MAPI objects. Click IMAPISession button on the OutlookSpy ribbon, click QueryIdentity. In the IMailUser window, locate the property and select it - DASL edit box will show the DASL name.

    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook
    Object Model should have been
    Version 5.5 is now available!

    Thursday, April 16, 2015 9:33 PM
  • Both tools allow to see the DASL name. In MFCMAPI you need to double click on the entry to see the dialog with the required information.
    Thursday, April 16, 2015 9:49 PM
  • For future reference the property is

    string PidTagAddressBookX509Certificate = @"http://schemas.microsoft.com/mapi/proptag/0x8C6A1102";

    You can use the PropertyAccessor on an AddressEntry or ExchangeUser to retrieve the property listed above.  Example:

    object[] result = myAddrEntry.PropertyAccessor.GetProperty(PidTagAddressBookX509Certificate);

    Then load the cert as follows:

    byte[] certBytes = (byte[])result[0];
    X509Certificate2 emailcert = new X509Certificate2(certBytes);

    Wednesday, April 22, 2015 8:43 PM