根据我的理解,如果我想签署SAML请求,签名应该由以下内容构成:
SAMLRequest = VALUE&安培;的RelayState = VALUE&安培; SigAlg = VALUE 从那里我应该创建签名,这是我用来创建签名的代码片段:
var MSCert = new X509Certificate2(ConfigurationManager.AppSettings["KeyFilepath"], ConfigurationManager.AppSettings["KeyFilePassword"]);
RSACryptoServiceProvider rsacsp = (RSACryptoServiceProvider)MSCert.PrivateKey;
CspParameters cspParam = new CspParameters();
cspParam.KeyContainerName = rsacsp.CspKeyContainerInfo.KeyContainerName;
cspParam.KeyNumber = rsacsp.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2;
RSACryptoServiceProvider aescsp = new RSACryptoServiceProvider(cspParam);
aescsp.PersistKeyInCsp = false;
byte[] signed = aescsp.SignData(requestBytes, "SHA256");
// For testing purposes - testing the signature
bool isValid = aescsp.VerifyData(requestBytes, "SHA256", signed);
string signatureValue = null;
// Deflate the signature string
using (var output = new MemoryStream())
{
using (var zip = new DeflateStream(output, CompressionMode.Compress))
{
zip.Write(signed, 0, signed.Length);
}
var base64 = Convert.ToBase64String(output.ToArray());
var urlEncode = HttpUtility.UrlEncode(base64);
signatureValue = urlEncode;
}
然而,我发现验证失败了,有人可以帮我看看原因吗?