
Validate Signed XML against X.509 Certificate in .NET

Author
15 Dec 2006 7:13 PM
flazh2000
I'm working on a single sign-on project. Does anybody know how to
validate a signed XML document against an X.509 certificate (the public key
certificate is provided) in .NET?
I already tried using the SignedXml.CheckSignature() method, but I kept
getting an invalid/false result. The CheckSignature method has no way
for me to specify which certificate to validate against. Any web
link or sample will be very helpful. Thanks, people!

The following is my code. The information sent from the client is
base64-encoded and complies with the SAML specification.

=======================================================================

Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.Xml
Imports System.Text
Imports System.Xml

Dim SAMLResponse As String
Dim BC As New UTF8Encoding   ' SAML XML is UTF-8; ASCIIEncoding would corrupt non-ASCII characters
Dim DecodedData() As Byte
Dim sDecodedData As String

' The SAMLResponse form field carries the base64-encoded XML
SAMLResponse = Request("SAMLResponse")
DecodedData = Convert.FromBase64String(SAMLResponse)
sDecodedData = BC.GetString(DecodedData)

' Creates a brand-new RSA key pair, exports its public half and re-imports it;
' this key has no relation to the certificate that signed the response
Dim RSA As New RSACryptoServiceProvider
Dim publicKey As String

publicKey = RSA.ToXmlString(False)
RSA.FromXmlString(publicKey)

' PreserveWhitespace keeps the bytes that were canonicalized and signed
Dim xmlDocument As New XmlDocument
xmlDocument.PreserveWhitespace = True
xmlDocument.LoadXml(sDecodedData)

' Load the first ds:Signature element into a SignedXml object
Dim signedXml As New SignedXml(xmlDocument)
Dim nodeList As XmlNodeList = xmlDocument.GetElementsByTagName("ds:Signature")
signedXml.LoadXml(CType(nodeList(0), XmlElement))

' Verify the signature with the key generated above
If signedXml.CheckSignature(RSA) Then
    lblOutput.Text = "Valid"
Else
    lblOutput.Text = "Invalid"
End If

Author
19 Dec 2006 5:40 PM
asaf da
The SignedXml object selects attributes containing the name "Id" (which
matches the URI attribute on the Reference element), but in SAML it can
be AssertionID or RequestID.
You may want to override the GetIdElement method (on the SignedXml
object) to recognize 'AssertionID' and 'ResponseID'.

*** Sent via Developersdex http://www.developersdex.com ***
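The following VB.NET example is added here and is not code from either poster. It puts the two points of this thread together: the signature is checked against the public key of a supplied X509Certificate2 (instead of a freshly generated RSA key, which is why the original code always reports "Invalid"), and a SignedXml subclass overrides GetIdElement so that References pointing at SAML AssertionID / ResponseID / RequestID attributes resolve. The certificate file path and the list of id attribute names are assumptions for illustration.

```vbnet
' Added example, not the original poster's code. Verifies the XML-DSig
' signature on a base64-encoded SAML response against a supplied X.509
' certificate. Assumes the signing certificate is available as a .cer file
' at the placeholder path below.
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Security.Cryptography.Xml
Imports System.Text
Imports System.Xml

' SignedXml only resolves Reference URIs against attributes literally named
' "Id"/"id"/"ID". SAML 1.x uses AssertionID, ResponseID and RequestID, so the
' lookup is extended here (the attribute list is an assumption for this example).
Public Class SamlSignedXml
    Inherits SignedXml

    Private Shared ReadOnly IdAttributes() As String = _
        {"ID", "Id", "id", "AssertionID", "ResponseID", "RequestID"}

    Public Sub New(ByVal document As XmlDocument)
        MyBase.New(document)
    End Sub

    Public Overrides Function GetIdElement(ByVal document As XmlDocument, _
                                           ByVal idValue As String) As XmlElement
        ' Default resolution first (covers the plain "Id" case)
        Dim element As XmlElement = MyBase.GetIdElement(document, idValue)
        If element IsNot Nothing Then Return element

        ' Otherwise scan for the SAML-specific id attributes; attrName comes
        ' from the fixed list above, never from the document
        For Each attrName As String In IdAttributes
            For Each node As XmlNode In document.SelectNodes("//*[@" & attrName & "]")
                Dim candidate As XmlElement = CType(node, XmlElement)
                If candidate.GetAttribute(attrName) = idValue Then Return candidate
            Next
        Next
        Return Nothing
    End Function
End Class

Public Module SamlVerifier
    ' Returns True only if the ds:Signature in the decoded response verifies
    ' with the public key of the supplied certificate.
    Public Function VerifySamlResponse(ByVal base64Response As String, _
                                       ByVal certificate As X509Certificate2) As Boolean
        ' Decode as UTF-8; ASCIIEncoding would corrupt non-ASCII characters
        Dim xml As String = Encoding.UTF8.GetString(Convert.FromBase64String(base64Response))

        Dim doc As New XmlDocument()
        doc.PreserveWhitespace = True   ' whitespace is part of the canonicalized, signed bytes
        doc.LoadXml(xml)

        ' Locate the Signature element by namespace rather than by the "ds:" prefix,
        ' which the sender is free to change
        Dim nsMgr As New XmlNamespaceManager(doc.NameTable)
        nsMgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl)
        Dim signatureNode As XmlNode = doc.SelectSingleNode("//ds:Signature", nsMgr)
        If signatureNode Is Nothing Then Return False

        Dim signedXml As New SamlSignedXml(doc)
        signedXml.LoadXml(CType(signatureNode, XmlElement))

        ' Verify with the certificate's public key. verifySignatureOnly:=True skips
        ' chain building; pass False to also validate the chain against the
        ' machine's trust stores.
        Return signedXml.CheckSignature(certificate, True)
    End Function

    ' Usage from an ASP.NET page; the certificate path is a placeholder.
    Public Sub ShowResult(ByVal request As System.Web.HttpRequest, ByVal lblOutput As System.Web.UI.WebControls.Label)
        Dim cert As New X509Certificate2("C:\PLACEHOLDER\idp-signing.cer")
        If VerifySamlResponse(request("SAMLResponse"), cert) Then
            lblOutput.Text = "Valid"
        Else
            lblOutput.Text = "Invalid"
        End If
    End Sub
End Module
```

A valid signature only proves the referenced element was signed by the certificate holder; after CheckSignature succeeds, also confirm that the Reference URI in the signature points at the Assertion or Response element you actually consume, so that an unsigned element elsewhere in the document is never trusted on the strength of a signature over a different one.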