如何使用C＃驗證證書？

Question

我正在使用visual studio 2005，並且希望驗證具有應用程序證書的SAML響應證書，這裏我從身份提供商那裏得到SAML響應，並且它發送帶有證書的SAML響應，並且應用程序單獨擁有相同的證書，這裏我需要檢查SAML響應是否具有SAML證書。你能請任何人幫助我嗎？ With Thanks， Gopi G

Answer 1

下面是如何驗證完整SAML身份驗證響應的簽名的示例。斷言簽名驗證類似。

const string XpathResponseSignatureCertificate = "/samlp:Response/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"; 

XmlElement xmlResponseSignature = GetSignatureElement(authenticationResponse); 

// Get certificate from IdP metadata document 
X509Certificate2 signingCertificate = identityProvider.SigningCertificate; 

XmlDocument responseXmlDocument = GetResponseAsXmlDocument(string samlResponse); 

XmlNode responseSignatureXmlNode = this.responseXmlDocument.DocumentElement.SelectSingleNode(XpathResponseSignatureCertificate, this.namespaceManager); 
XmlElement xmlSignature = responseSignatureXmlNode .InnerText.Trim() 

SignedXml signedXml = new SignedXml(ResponseXmlDocumen; 
signedXml.LoadXml((XmlElement)xmlSignature); 

if (signedXml.CheckSignature(cert, true) == false) 
{ 
    throw new Exception("Not valid signature"); 
} 

bool isReferenceValid = false; 
foreach (Reference reference in signedXml.SignedInfo.References) 
{ 
    string refValue = reference.Uri.Substring(1); 
    if (refValue == authenticationResponse.Id) 
    { 
     isReferenceValid = true; 
    } 
} 

if (isReferenceValid == false) 
{ 
    throw new Exception("Not valid signature reference"); 
}