Prompt user for password when grabbing X509Certificate from X509Store?

Question

I have a C# form (running on the client machine) which gathers all the user X509Certificates from the store, presents them to the user so they can pick the one they want to use. Then I pass the cert off to a webservice to do some work. This all works great! Problem is, the user is never prompted for the X509Certificate password? I can't find a method to "check password" once I have the X509Certificate from the store. I also thought about using the X509Certificate constructor, which needs the path and password, but I don't see a method to get the file path and name from the X509Certificate I grabbed from the store? Is it secure to just grab the certificate from the store and not ask for the user's password?

This is how I'm grabbing from the store:

X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
for (int i = 0; i < store.Certificates.Count; i++) 
{
    X509Certificate c = store.Certificates[i];
    ...//add to GUI for user to pick here....
}

Thanks for any help, Steve

Answer 1

If you choose to use a certificate from cryptographic device like eToken or SmartCard you will be automatically prompted to enter the password (password for the device, not certificate). In other cases I don't think you should care about it. You can easily access the local store without any passwords in Windows, so why would you pass-protect them in the app.

Answer 2

it depends wether the certificate's private key is protected by a password or not. If you accecss such a certificate from the store, windows should prompt you to enter it.