0

The project requires digitally signing the XML document before transmission. Using the example provided by Microsoft( link here), the following code forms part of the function called for digitally signing the XML:

XmlDsigExcC14NTransform canMethod = (XmlDsigExcC14NTransform)signedXml.SignedInfo.CanonicalizationMethodObject;
canMethod.InclusiveNamespacesPrefixList = "Sign";

This leads to addition of following tag in signed XML

<InclusiveNamespaces PrefixList="Sign" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />

However, when this XML is being saved in the XML Datatype column in SQL Server 2014, the tag changes to following:

<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="Sign" />

Please notice the order of attributes above (PrefixList has moved to the end)

I also tried making the column as nvarchar. But on fetching the XML file as string and converting it to XML type in stored procedure leads to same result. However, when I save it the XML containing PrefixList in the end, the order is maintained.

Although this does not affect the signature verification, but it is critical for the application to maintain the original order of attributes (changes the CRC32 code of the XML) . My question is how to prevent SQL Server from changing the order? Alternatively is to possible to somehow change the order of attributes generated from the code itself in the first place to match that in the SQL Server column? Please help.

Abhishek
  • 63
  • 2
  • 10
  • Why do you care? Usually namespace attributes in xml are put before other attributes in case the other attribute use a namespace. – jdweng Feb 14 '20 at 09:50
  • before implementation of digital signatures, CRC32 of the file was being used to detect any changes in the file and therefore saved in database separately. Now, to maintain backward compatibility, CRC32 is still to be saved seperately in database This CRC32 of the file is presently being computed once it is digitally signed before inserting in database. But it mismatches once it is recalculated after retrieving the file saved in database later! – Abhishek Feb 14 '20 at 10:00
  • Use an `NVARCHAR(MAX)` column. The XML data type will not guarantee 1-1 round-tripping of the markup; changing attribute order is just one of the things that can differ (entity encodings are another). You can still convert to XML in SQL to get data out of it, but not for the exact markup. – Jeroen Mostert Feb 14 '20 at 10:11
  • Recalculate all the existing CRCs in database so you can compare? Or add new column in data base with new CRC. – jdweng Feb 14 '20 at 10:15

0 Answers0