与此问题相关:How to attach a non-exportable client certificate to a request using C# HttpClient?

问题是所选证书的私钥在HttpClient请求中不可用 .

在上面的问题中,客户端应用程序是WPF(.NET Framework);以管理员身份运行它允许它使用私钥,以便在对Web服务的请求中验证客户端设备 .

我现在的问题是在UWP应用程序(APPX包)中做同样的事情 .

与另一个问题一样,选择和附加证书的C#代码如下:

var subject = /* Distinctive subject name of the certificate known to exist in the store */;
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certificates = store.Certificates.Find(X509FindType.FindBySubjectName, subject, true);
// Known/verifiable at this point that certificates[0] is the correct client cert
var clientHandler = new HttpClientHandler();
clientHandler.ClientCertificates.Add(certificates[0]);
using (var client = new HttpClient(clientHandler))
{
    var response = await client.GetAsync(URL.Text);
    var result = await response.Content.ReadAsStringAsync();
    // ... etc...
}

应用清单目前看起来像这样:

<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" IgnorableNamespaces="uap mp rescap">
  <Identity Name="d2661072-54d4-45b3-8e5a-5f32a79876fe" Publisher="CN=me" Version="1.0.16.0" />
  <mp:PhoneIdentity PhoneProductId="d2661072-54d4-45b3-8e5a-5f32a79876fe" PhonePublisherId="00000000-0000-0000-0000-000000000000" />
  <Properties>
    <DisplayName>My app</DisplayName>
    <PublisherDisplayName>me</PublisherDisplayName>
    <Logo>Assets\StoreLogo.png</Logo>
  </Properties>
  <Dependencies>
    <TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.0.0" MaxVersionTested="10.0.0.0" />
  </Dependencies>
  <Resources>
    <Resource Language="x-generate" />
  </Resources>
  <Applications>
    <Application Id="App" Executable="$targetnametoken$.exe" EntryPoint="MyApp.UWP.App">
      <uap:VisualElements DisplayName="My App" Square150x150Logo="Assets\Square150x150Logo.png" Square44x44Logo="Assets\Square44x44Logo.png" Description="My app" BackgroundColor="transparent">
        <uap:DefaultTile Wide310x150Logo="Assets\Wide310x150Logo.png">
        </uap:DefaultTile>
        <uap:SplashScreen Image="Assets\SplashScreen.png" />
      </uap:VisualElements>
    </Application>
  </Applications>
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <uap:Capability Name="sharedUserCertificates" />
    <uap:Capability Name="enterpriseAuthentication" />
    <rescap:Capability Name="runFullTrust" />
  </Capabilities>
  <Extensions>
    <Extension Category="windows.certificates">
      <Certificates />
    </Extension>
  </Extensions>
</Package>

问题是虽然上面的C#可以访问证书存储并读取证书,但它只能访问公共部分;它无法根据需要使用私有部分来向服务器验证自身(服务器的行为就像请求中没有出现证书一样) .

鉴于所需的证书已放置在本地计算机“个人”商店中,并且不可导出,UWP是否可以使用它,如果可以,如何使用?