Exemplo n.º 1
        /// <summary>
        /// Creates a <see cref="WindowsIdentity"/> associated with a given X509 certificate.
        /// </summary>
        /// <param name="x509Certificate">The certificate to use to map to the associated <see cref="WindowsIdentity"/></param>
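        /// <returns>The <see cref="WindowsIdentity"/> that the certificate maps to.</returns>
        /// <exception cref="SecurityTokenValidationException">On pre-Vista systems, the certificate subject carries no UPN name to map from.</exception>
        /// <remarks>
        /// This method only maps a certificate to an account. No chain, validity-period or revocation check is visible
        /// in it, so the certificate must already have been validated and trusted before it is passed in.
        /// </remarks>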
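        public static WindowsIdentity CertificateLogon(X509Certificate2 x509Certificate)
        {
            // Reject a missing certificate up front, using the same throw helper as the rest of
            // this method, so the pre-Vista branch cannot fail with a bare NullReferenceException
            // on GetNameInfo.
            if (x509Certificate == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("x509Certificate"));
            }

            // SECURITY: nothing below inspects the chain, validity period or revocation state of
            // the certificate. The account is chosen purely from what the certificate asserts, so
            // callers are expected to have validated and trusted it already.
            // NOTE(review): confirm every call site does that validation first.

            // Vista and later: LsaLogon can map the certificate to an NT token directly.
            if (Environment.OSVersion.Version.Major >= CryptoHelper.WindowsVistaMajorNumber)
            {
                return X509SecurityTokenHandler.KerberosCertificateLogon(x509Certificate);
            }

            // Downlevel: S4U logon keyed on the UPN (PrincipalName SubjectAltName) of the
            // certificate subject ("false" = read the subject, not the issuer).
            string upn = x509Certificate.GetNameInfo(X509NameType.UpnName, false);
            if (string.IsNullOrEmpty(upn))
            {
                // Without a UPN there is no account name to log on with; fail validation
                // (ID4067) and report which certificate was rejected.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new SecurityTokenValidationException(
                        SR.GetString(SR.ID4067, X509Util.GetCertificateId(x509Certificate))));
            }

            // The identity is built from the UPN string alone.
            return new WindowsIdentity(upn);
        }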