Your code is correct and you are able to get a X509Certificate2.
An X509Certificate2 object has the private key only if it comes from the MS CSP (Cryptographic Service Provider).
In your case you are getting such a certificate from a PKCS#11 module, via NCryptoki. In this case you don't have the private key linked because it doesn't come from the CSP.
Using a PKCS#11 module, the private key is usually linked to a certificate by CKA_ID or CKA_LABEL attributes and you can get an handle to the private key by searching the a private key object with a given CKA_ID value using the Find method