
I have a problem with validating signed XML. Maybe you can help me :)

I have an ASP.NET MVC service which receives an XML document, and I need to validate whether the signature in this XML is valid.

The certificate I'm using for validation looks like this:

cert.crt file:

-----BEGIN CERTIFICATE-----
MIIDcjCCAlqgAwIBAgIFALVBJRQwDQYJKoZIhvcNAQEFBQAwaTELMAkGA1UEBhMCREUxDz ............
-----END CERTIFICATE-----

My code for signature validation:

using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Web.Hosting;
using System.Xml;

// Keep whitespace: canonicalization of the signed content depends on it.
var xmlDoc = new XmlDocument { PreserveWhitespace = true };
xmlDoc.LoadXml(samlXML);

var signedXml = new SignedXml(xmlDoc);

// Trusted signing certificate shipped with the application.
var certPath = HostingEnvironment.MapPath(@"~/App_Data/cert.crt");
var readAllBytes = File.ReadAllBytes(certPath);

X509Certificate2 certificate = new X509Certificate2(readAllBytes);

// Locate the ds:Signature element and hand it to SignedXml.
XmlNodeList signatureElement = xmlDoc.GetElementsByTagName("ds:Signature");
signedXml.LoadXml((XmlElement)signatureElement[0]);

// Verify against the trusted certificate and also validate its chain.
var isValid = signedXml.CheckSignature(certificate, true);

The XML is signed with:

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

This line:

X509Certificate2 certificate = new X509Certificate2(readAllBytes);

throws an error:

Object was not found.

What am I doing wrong?

1 Answer

According to the docs, the byte array must be either binary-encoded (DER format) or Base64-encoded X.509 data. You have something else on your hands, which is why the constructor can't handle your data.

Check the docs for more information.

D.R.
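The following is an added example, not code from the question or the answer. It loads the trusted certificate whether the file is DER or PEM (extracting the Base64 between the BEGIN/END markers, which is the format the answer describes), looks up the Signature element by namespace rather than by the "ds" prefix, verifies it only against that trusted certificate, and then checks that the signed Reference actually covers the element the service is about to trust. The file path and the element ID parameter are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlSignatureCheck
{
    // Accepts either a DER (binary) .crt or a PEM file with
    // -----BEGIN CERTIFICATE----- headers, which is what the answer
    // above says the X509Certificate2(byte[]) constructor expects.
    public static X509Certificate2 LoadTrustedCert(string path)
    {
        string text = File.ReadAllText(path);
        const string begin = "-----BEGIN CERTIFICATE-----";
        const string end = "-----END CERTIFICATE-----";
        int start = text.IndexOf(begin, StringComparison.Ordinal);
        if (start < 0)
            return new X509Certificate2(File.ReadAllBytes(path)); // assume DER
        start += begin.Length;
        int stop = text.IndexOf(end, start, StringComparison.Ordinal);
        if (stop < 0)
            throw new InvalidDataException("PEM footer missing; file is truncated");
        byte[] der = Convert.FromBase64String(text.Substring(start, stop - start));
        return new X509Certificate2(der);
    }

    // Verifies the enveloped signature with the trusted certificate only
    // (never with a key taken from the document's own KeyInfo) and then
    // checks that the signed Reference really covers the element whose
    // content the service consumes. Assumes exactly one Signature element.
    public static bool IsValidlySigned(string samlXml, X509Certificate2 trusted, string trustedElementId)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(samlXml);
        // Namespace-aware lookup: does not depend on the "ds" prefix.
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        if (!signedXml.CheckSignature(trusted, true)) return false;
        // The Reference must point at the element we consume; otherwise a
        // valid signature over some other element would be accepted.
        foreach (Reference r in signedXml.SignedInfo.References)
            if (r.Uri == "#" + trustedElementId) return true;
        return false;
    }
}
```

Call it as IsValidlySigned(samlXML, LoadTrustedCert(certPath), assertionId), where assertionId is the ID attribute of the assertion you intend to act on.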