Public Key Infrastructure – Authenticate the user with AD and get the user's private key


I've built an application for signing a document (digital signature).

Is it possible to ask anyone accessing the application for an AD user name and password? How can I integrate AD authentication into my application?
Currently, I use LDAP.

All users have their private key and their signing certificate (issued by AD) in their user configuration. How can the application get the private key and the certificate of the user (normally both are manually exported in .pfx format from mmc) once the user is authenticated to AD, so that the application can use them to sign the document?