SignedXmlDoc CheckSignature method returns false

Time: 2017-03-06 11:56:46

Tags: .net saml

SignedXmlDoc.CheckSignature always returns false in .NET 4.0. Please help me validate the SAML signature.

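    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Text;
    using System.Xml;

    // Register a signature description for the rsa-sha256 algorithm URI.
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

    // Load the certificate used to verify the signature.
    X509Certificate2 cert = new X509Certificate2();
    string text = System.IO.File.ReadAllText(@"D:\TFS\KCWBB\Dev-2\Source\KC.WEM.ITGSMI.Web\File\sig.cert");
    cert.Import(Encoding.UTF8.GetBytes(text));
    XmlNodeList XMLSignatures = xnlDoc.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#");

    // This KeyInfo is built from the certificate but is not used below.
    KeyInfo key = new KeyInfo();
    KeyInfoX509Data data = new KeyInfoX509Data(cert);
    key.AddClause(data);

    // Fail if the document contains no Signature element.
    if (XMLSignatures.Count == 0) return false;

    // Only the first Signature element found in the document is loaded.
    var signedXmlDoc = new SignedXml(xnlDoc);
    signedXmlDoc.LoadXml((XmlElement)XMLSignatures[0]);
    if (cert == null)
    {
        return false;
    }

    // verifySignatureOnly = true: check the signature value only, not the certificate chain.
    return signedXmlDoc.CheckSignature(cert, true);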

1 Answer:

Answer 0: (score: 0)

Have you seen this: SignedXml.CheckSignature fails in .NET 4 but it works in .NET 3.5, 3 or 2

It may be the same problem, because I don't see anything about canonicalisation in your code.
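
An added example (not from the question or the answer) for narrowing down a `CheckSignature` result of false: it reports the canonicalization method, signature algorithm and reference transforms that the signature itself declares, and verifies one constructed document parsed with `PreserveWhitespace = true` and again with the default setting. The class name, the sample assertion and the throwaway RSA key are constructed for illustration; the question does not show how `xnlDoc` is loaded, so the whitespace case is an assumption about one possible cause.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SignatureDiagnostics   // hypothetical name, not from the page
{
    // Verifies the single ds:Signature with a trusted key; report lists what the signature declares.
    public static bool Verify(XmlDocument doc, AsymmetricAlgorithm trustedKey, out string report)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        report = "signatures=" + sigs.Count + " preserveWhitespace=" + doc.PreserveWhitespace;
        if (sigs.Count != 1) return false;   // zero or several signatures: refuse to guess
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        report += " c14n=" + signedXml.SignedInfo.CanonicalizationMethod + " sigAlg=" + signedXml.SignedInfo.SignatureMethod;
        foreach (Reference r in signedXml.SignedInfo.References)
        {
            report += " ref=" + r.Uri;
            for (int i = 0; i < r.TransformChain.Count; i++)
                report += " transform=" + r.TransformChain[i].Algorithm;
        }
        return signedXml.CheckSignature(trustedKey);
    }

    static void Main()
    {
        using (RSA rsa = RSA.Create())   // throwaway key for the constructed sample
        {
            // Constructed sample: an indented SAML-like element, signed in place.
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<Assertion ID=\"_a1\">\n  <Subject>alice</Subject>\n</Assertion>");
            var signer = new SignedXml(doc) { SigningKey = rsa };
            signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            var reference = new Reference("#_a1");
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signer.AddReference(reference);
            signer.ComputeSignature();
            doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
            // Same markup, parsed again with the default PreserveWhitespace = false.
            var reloaded = new XmlDocument();
            reloaded.LoadXml(doc.OuterXml);
            string report;
            Console.WriteLine(Verify(doc, rsa, out report) + " " + report);
            Console.WriteLine(Verify(reloaded, rsa, out report) + " " + report);
        }
    }
}
```

The second call fails because the parser discarded the indentation that was part of the signed content, so the recomputed digest no longer matches the one in the signature.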