Cette petite classe utilitaire implémentée à l'aide de méthodes statiques vous permet de récupérer des certificats en fonction de leur clé encodée en Base 64, ClientBase64KeyId, dans le Store de l'utilisateur courant ou dans un Store que vous spécifiez :

using System;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;

namespace TechHeadBrothers.Web.Services
{
    /// <summary>
    /// Helper class dealing with X509 certificates
    /// </summary>
    public class X509Helper
    {
        /// <summary>
        /// Return a security token according to its Key Identifier
        /// </summary>
        /// <param name="ClientBase64KeyId">Base64KeyId of the token</param>
        /// <returns>a X509SecurityToken, null if could not find it</returns>
        public static X509SecurityToken FindX509SecurityToken(string ClientBase64KeyId)
        {
            X509CertificateStore store;

            store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);

            return FindX509SecurityToken(ClientBase64KeyId, store);
        }

        /// <summary>
        /// Return a security token according to its Key Identifier
        /// </summary>
        /// <param name="ClientBase64KeyId">Base64KeyId of the token</param>
        /// <param name="store">store in which to search the key</param>
        /// <returns>a X509SecurityToken, null if could not find it</returns>
        public static X509SecurityToken FindX509SecurityToken(string ClientBase64KeyId, X509CertificateStore store)
        {
            X509SecurityToken token = null;

            store.OpenRead();

            X509CertificateCollection certs = 
                store.FindCertificateByKeyIdentifier(Convert.FromBase64String(ClientBase64KeyId));

            if (certs.Count > 0)
                token = new X509SecurityToken(((X509Certificate) certs[0]));

            store.Close();

            return token;
        }
    }
}