Hello all,

It seems that digitally signing XML documents using the SignedXml class has
a bug - or at least a behavior I cannot explain.

The problem occurs when I sign XML documents containing namespace prefixes
and namespace references and then validate it. The validation always fails
(returns false) in this case. When I remove the namespace prefixes and
namespace references from the XML, signing and validating works fine.

It seems that the problem has been recognized in .NET framework 1.1 (see
http://support.microsoft.com/kb/888999/en-us), however I am using .NET 2.0,
and the problem still exists.

I have made a boiled down reproduction of the behavior, it should be easy to
paste into a console application to test. You just need to add a reference to
System.Security.

Any advice on this issue would be greatly appreciated.

---BEGIN CODE

using System;
using System.Collections.Generic;
using System.Text;
using System.Xml;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Security.Cryptography;
using System.Xml.Schema;

namespace ConsoleApplication1
{
  class Program
  {
        private static XmlElement GoodElement()
        {
            // Create a test xml document
            XmlDocument oDoc = new XmlDocument();
            oDoc.LoadXml(@"<somedoc><a><b Id=""signme"">This should be
signed</b></a></somedoc>");

            // Get a specific element in the xml document
            XmlElement elem = (XmlElement)oDoc.SelectNodes("//b")[0];

            return elem;
        }

        private static XmlElement BadElement()
        {
            // Create a test xml document
            XmlDocument oDoc = new XmlDocument();
            oDoc.LoadXml(@"<somedoc
xmlns:pre=""http://some.url/schema""><pre:a><pre:b Id=""signme"">This should
be signed</pre:b></pre:a></somedoc>");

            // Get a specific namespace prefixed element in the xml document
            XmlNamespaceManager xman = new XmlNamespaceManager(oDoc.NameTable);
            XmlElement elem = (XmlElement)oDoc.SelectNodes("//pre:b", xman)[0];

            return elem;
        }

        private static void Reproduce()
        {
            XmlElement elem = BadElement();
            Console.WriteLine("Signing and validating this XML: " + elem.OuterXml);
            Console.WriteLine();

            // Sign the element
            RSACryptoServiceProvider key = new RSACryptoServiceProvider();
            SignedXml sx = new SignedXml(elem);
            sx.SigningKey = key;
            sx.AddReference(new Reference("#signme")); // Sign this node
            sx.ComputeSignature();

            // Hold the signature
            XmlElement signature = sx.GetXml();

            // Validate
            SignedXml sx2 = new SignedXml(elem);
            sx2.LoadXml(signature);
            bool test = sx2.CheckSignature(key);
            Console.WriteLine("Result of validation: " + test);
            Console.ReadLine();

            // Use GoodElement in first line of this method: test is true, ok!
            // Use BadElement in first line of this method: Fails with false! Why?
        }

    static void Main(string[] args)
    {
            Reproduce();
    }
  }
}

--- END CODE


      / Peter.

Peter

I have exactly the same problem, so I was wondering if you ever resolved
this issue, and if you did - how did you do it?

Thanks
Vadim

Bad Data. Any idea what this means?
Aplying more than 1 attributes ?????
Preferred method of hashing salted password
Verify syntax of an URl
How to convert string to SecureString?
Encrypting connection string in app.config
Get role for any given user name ...
Laptop Problems
when my C# service impersonates a secondary account does the secondary account need any special perm
Domain isolation question.