Fatal编程技术网
  • .net/
  • 在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在测试服务器上失败,但在开发计算机上失败

在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在测试服务器上失败,但在开发计算机上失败

.net xml

在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在测试服务器上失败,但在开发计算机上失败,.net,xml,xml-signature,.net,Xml,Xml Signature,我试图通过检查某个xml文档的签名来验证它是否被篡改 在我的开发机器上,这很好,但在我们的测试服务器上,它总是失败。开发机器是Windows 10,测试服务器是Windows Server 2008 R2和Windows Server 2012 我已经成功创建了SignedXML调试日志,它看起来是这样的: 发展: System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheck

我试图通过检查某个xml文档的签名来验证它是否被篡改

在我的开发机器上,这很好,但在我们的测试服务器上,它总是失败。开发机器是Windows 10,测试服务器是Windows Server 2008 R2和Windows Server 2012

我已经成功创建了SignedXML调试日志,它看起来是这样的:

发展:

System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#03d410d5, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedXml#03d410d5, NamespacePropagation] Propagating namespace xmlns="<namespace here>".
但就到此为止。未记录任何信息:7,函数返回false

测试服务器至少安装了.Net 4.5.2,因此我认为它们在SHA-256签名方面不会有问题

我错过了什么

周末我就想出来了

显然,我从Azure AD获取联合数据的XML是使用加密方法签名的,该方法在.Net 4.5.2中不起作用,但在4.6.2中确实起作用

今天早上将其中一台测试服务器更新到.Net 4.6.2后,CheckSignature确实返回true。

它是如何失败的?返回false还是引发异常?调用CheckSignature时代码是什么样子的?具体来说,您是否检查证书的有效性?如果SHA-256不可用,您将得到一个异常。@AndersAbel它只返回false。我已经设法在周末找到了答案,我将在下面发布我的答案。 
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator".
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful.
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#00e65efe, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".