Developing Logon with Certificate Authentication

Enable logon with an X.509 certificate.

  • If developing for the .NET platform: Certificate handling is enabled by default inside the LogonCore library. When a certificate is needed, the LogonCore library picks one automatically from the certificate store (even if the authentication is combined with SAML). The user certificate is picked from Personal/Certificates, as shown in certmgr.msc.
  • If developing for Windows Runtime or Store apps: Windows Runtime or Store apps can read certificates from the app's local certificate store. This is true for every component the app uses, including the LogonCore library. Therefore, the PFX file (certificate) must first be installed into the local certificate store so that the LogonCore component can use it automatically. Users of the SDK cannot explicitly specify which certificate to use. The application developer has two options for installing a certificate:
    1. Install the certificate using the Windows Runtime APIs.
    2. Implement the certificate provider interface (ICertificateProvider) provided by the LogonCore library to install a PFX into the app's local certificate store.
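
A sketch of option 1, added here as an example and not taken from the LogonCore SDK: it imports a PFX into the app's local certificate store with the Windows Runtime `CertificateEnrollmentManager` API and then checks that the certificate is present. The class name, method name and friendly name are hypothetical, and the PFX file and its password are assumed to be supplied by the caller at run time.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage;
using Windows.Storage.Streams;

// Hypothetical helper class; not part of the LogonCore library.
public static class ClientCertificateInstaller
{
    // Hypothetical friendly name, used to find the certificate again after import.
    private const string FriendlyName = "LogonClientCertificate";

    // Imports the PFX into the app's local certificate store and returns true
    // when a certificate with the friendly name is present afterwards.
    public static async Task<bool> InstallAsync(StorageFile pfxFile, string pfxPassword)
    {
        // ImportPfxDataAsync expects the PFX content as a Base64 string.
        IBuffer raw = await FileIO.ReadBufferAsync(pfxFile);
        string pfxBase64 = CryptographicBuffer.EncodeToBase64String(raw);

        await CertificateEnrollmentManager.ImportPfxDataAsync(
            pfxBase64,
            pfxPassword,                   // obtained at run time, never hard-coded
            ExportOption.NotExportable,    // private key cannot be exported from the store
            KeyProtectionLevel.NoConsent,  // no consent prompt each time the key is used
            InstallOptions.None,
            FriendlyName);

        // Confirm the import by querying the app's certificate store.
        var query = new CertificateQuery { FriendlyName = FriendlyName };
        var matches = await CertificateStores.FindAllAsync(query);
        return matches.Count > 0;
    }
}
```

Once the import succeeds, delete the PFX file from app storage, since it still contains the private key in exportable form.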