【问题标题】:How to validate the certificate using C#?如何使用 C# 验证证书?
【发布时间】:2014-01-20 13:01:45
【问题描述】:

我正在使用 Visual Studio 2005,我想用应用程序证书验证 SAML 响应证书,这里我从身份提供者那里得到一个 SAML 响应,它用证书发送 SAML 响应,并且应用程序分别具有相同的证书,这里我需要检查 SAML 响应是否有 SAML 证书。你能请任何人帮助我吗? 感谢, 戈皮G

【问题讨论】:

    标签: c# saml-2.0


    【解决方案1】:

    这里是示例,如何验证完整 SAML 身份验证响应的签名。断言签名验证类似。

    const string XpathResponseSignatureCertificate = "/samlp:Response/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate";
    
    XmlElement xmlResponseSignature =  GetSignatureElement(authenticationResponse);
    
    // Get certificate from IdP metadata document
    X509Certificate2 signingCertificate = identityProvider.SigningCertificate;
    
    XmlDocument responseXmlDocument = GetResponseAsXmlDocument(string samlResponse);
    
    XmlNode responseSignatureXmlNode = this.responseXmlDocument.DocumentElement.SelectSingleNode(XpathResponseSignatureCertificate, this.namespaceManager);
    XmlElement xmlSignature = responseSignatureXmlNode .InnerText.Trim()
    
    SignedXml signedXml = new SignedXml(ResponseXmlDocumen;
    signedXml.LoadXml((XmlElement)xmlSignature);
    
    if (signedXml.CheckSignature(cert, true) == false)
    {
        throw new Exception("Not valid signature");
    }
    
    bool isReferenceValid = false;
    foreach (Reference reference in signedXml.SignedInfo.References)
    {
        string refValue = reference.Uri.Substring(1);
        if (refValue  == authenticationResponse.Id)
        {
            isReferenceValid = true;
        }
    }
    
    if (isReferenceValid == false)
    {
        throw new Exception("Not valid signature reference");
    }
    

    【讨论】:

      猜你喜欢
      • 2021-07-22
      • 2020-01-05
      • 1970-01-01
      • 2019-06-14
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多