In .NET, you will typically use the X509Certificate (or perhaps
X509Certificate2 in .NET 2.0) to wrap binary certificate data. From there,
there are a variety of methods that pull various known fields such as
subject out of the certificate. Once you have that as a string, you can
generally use that to formulate a filter for an LDAP query and you are all
set.
It really depends on what data in the certificate contains your identifying
attribute and whether X509Certificate supports it directly.
I'd try looking at that first. If you need stuff out of the cert that is
not supported by X509Certificate, you'll likely need to p/invoke. Mitch
Gallant has a fantastic website with lots of info dedicated to doing fancy
stuff with PKI and crypto that way.
Joe K.