Namespace: Microsoft.Clm.Provision
Assembly: Microsoft.Clm.Provision (in microsoft.clm.provision.dll)
Usage
Visual Basic |
---|
Dim smartcardUuid As Guid Dim returnValue As String returnValue = ExecuteOperations.GetUserPin(smartcardUuid) |
Syntax
Visual Basic |
---|
Public Shared Function GetUserPin ( _ smartcardUuid As Guid _ ) As String |
C# |
---|
public static string GetUserPin ( Guid smartcardUuid ) |
C++ |
---|
public: static String^ GetUserPin ( Guid smartcardUuid ) |
J# |
---|
public static String GetUserPin ( Guid smartcardUuid ) |
JScript |
---|
public static function GetUserPin ( smartcardUuid : Guid ) : String |
Parameters
- smartcardUuid
-
A Guid object that identifies the smart card for which to retrieve the user PIN.
Return Value
A String object that contains the user’s smart card PIN.Remarks
This method retrieves the initial user PIN that is stored on the smart card. Subsequent user PINs are not tracked by FIM CM. This requires the smart card user PIN policy to be configured as ServerGenerated.
In order for a call to this method to succeed, the caller of the method must be authorized to call the methods in the Sensitive API group. The Sensitive API group includes those methods where the caller has access to sensitive data. This includes the administrator PIN, the user PIN, the Base CSP administrator authentication key, and/or the Base CSP challenge response information.
To allow for a user, or a group of users, to be authorized to call the methods in the Sensitive API group, FIM CM must be configured as follows:
-
Open the
web.config
file that is associated with the FIM CM Web Virtual Directory (the default location of this file is%programfiles%\Microsoft Certificate Lifecycle Manager\web\web.config
). -
Locate the configuration section for the Sensitive API group, which resembles the following:
-
<add key="Clm.ProvisionApi.SensitiveApiGroup" value="" />
-
By default, FIM CM does not authorize any users to call the methods in the Sensitive API group.
-
Set the value to the name of a security group that contains the users who are to be authorized to call the methods in the Sensitive API group. The security group must be specified in the "domainname\groupname" format. For example:
-
<add key="Clm.ProvisionApi.SensitiveApiGroup" value="domain\SensitiveApiUserGroup" />
-
Save the
web.config
file.