No, I Will Not Fix Your #@$!! Computer → Help Creating Contact Smart Cards

MODS: If this should be in security, please move it.. but since it is using Active Directory, I felt I would ask here first

Well it is a shot in the dark and a bit long, but here it goes...

Background:

We currently work with three vendors for magnetic, and contactless cards. They are a pain to work with and because of certain rules in place, they know we can't really fire them and go with another company. We would rather not give them more money if possible.

A new testing lab is coming online soon, and the testing center wanted a way to issue a card to a user at sign in, have the testee go to the assigned workstation, insert the card, enter a code, and it login without user input. The workstation would log off when card was removed. Depending on the card, Group Policy would load the appropriate URL for the appropriate test and the user would then login to their test.

What the team I'm on came up with:

mimic the contact smart card usage that the military, and many other institutions are using for identity management.

Where we are stuck:

We have the Certificate templates in place, but it seems that there are no good guides on what cards we can purchase that will allow us to write the certificate to the card as built into Windows. Most of what we found requires middle ware, or a vendor to integrate into our PKI at the cost of thousands upon thousands of dollars... that of which we don't have.

What I'm asking for:

If you have issued smart cards in some capacity, what brand of card doesn't require middleware, and can be assigned a certificate by using the built in Microsoft Certificate services console using "Enroll on the Behalf of" and keying in a PIN.
We have a reader/writer, but can't get any direction on the brand of card.

Also, if we are going down the wrong path, please let me know.