1. 首頁
  2. 問答
  3. 在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在測試服務器上失敗,但在開發機器上失敗

在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在測試服務器上失敗,但在開發機器上失敗

2017-08-04 102 views
0

我試圖通過檢查它的簽名來驗證某個xml文檔沒有被篡改。在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在測試服務器上失敗,但在開發機器上失敗

在我的開發機器上工作得很好,但在我們的測試服務器上它總是失敗。開發機是Windows 10,測試服務器的Windows Server 2008 R2和Windows Server 2012的

我已經成功地創建一個SignedXML調試日誌,這是什麼樣子:

發展:

System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#03d410d5, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)". 
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedXml#03d410d5, NamespacePropagation] Propagating namespace xmlns="<namespace here>".

依此類推。

在測試服務器上它幾乎開出相同的:

System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#00e65efe, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".

,但它只是到此爲止。沒有信息:7被記錄,並且函數返回false。

測試服務器至少安裝了.Net 4.5.2,因此我假定他們不會遇到SHA-256簽名問題。

我在這裏錯過了什麼?

來源

2017-08-04 Drak

+0

它是如何失敗?返回false或拋出異常?代碼在「CheckSignature」調用中看起來像什麼?具體而言,你是否檢查證書的有效性?如果SHA-256不可用,您將得到一個異常。 –

+0

@AndersAbel它只是返回false。我已經在週末弄清楚了,下面我會回答我的答案。 – Drak

回答

1

週末我想通了。

很顯然,我得到的XML(來自Azure AD的聯合數據)是使用不在.Net 4.5.2中工作但在4.6.2中工作的密碼方法簽署的。

今天早上將其中一個測試服務器更新到.Net 4.6.2之後,CheckSignature確實返回了true。

來源

2017-08-07 05:04:05 Drak

相關問題

 相關問題