Trying this with .NET Framework 4.0.
I am working on an implementation of SSO using SAML for security. My code needs to work as an Identity Service Provider where I need to validate a SAML Assertion generated from the customer's Federation Server and sent to my web-site. As of now everything was good till I received a SAML Assertion with the SHA1 algorithm, but when it started sending SHA256, the nightmare started. :)
Well, I have read a lot around this and implemented the provided suggestions but could not get through it yet. I have two ways to validate:
1. With only the SAML Assertion that hits my site
2. With the certificate (.cer) file provided by my client and situated locally with me.
Below is the code I am using to validate the SAML for point 1. I would go to Point 2 once this is resolved. :)
    RSAPKCS1SHA256SignatureDescription.Register();
    XmlNamespaceManager nsm = new XmlNamespaceManager(new NameTable());
    nsm.AddNamespace("dsig", SignedXml.XmlDsigNamespaceUrl);
    XmlElement sigElt = (XmlElement)m_xmlDoc.SelectSingleNode("//dsig:Signature", nsm);
    // Load the signature for verification
    SignedXml sig = new SignedXml(m_xmlDoc);
    sig.LoadXml(sigElt);
    if (!sig.CheckSignature())
        return "Invalid Signature";
As .NET Framework 4.0 does not support SHA256, I have created an extension class (public class RSAPKCS1SHA256SignatureDescription : SignatureDescription) as mentioned here. But it was of no help. When I debug and try to execute the CheckSignature method, the debugger runs me through this new class, but still I get the result as 'False'.
Thank you in advance for any help. :)
Regards
Sadneep
"An investment in knowledge pays the best interest." - Ben Franklin