您的位置: 首页  >  技术问答  >  在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在测试服务器上失败,但在开发机器上失败

在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在测试服务器上失败,但在开发机器上失败

分类: 技术问答 2022-09-26 00:21:40
问题描述:

我试图通过检查它的签名来验证某个xml文档没有被篡改。在System.Security.Cryptography.Xml.SignedXml上使用.Net的CheckSignature在测试服务器上失败,但在开发机器上失败

在我的开发机器上工作得很好,但在我们的测试服务器上它总是失败。开发机是Windows 10,测试服务器的Windows Server 2008 R2和Windows Server 2012的

我已经成功地创建一个SignedXML调试日志,这是什么样子:

发展:

System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#03d410d5, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#03d410d5, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#03d410d5, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)". 
System.Security.Cryptography.Xml.SignedXml Information: 7 : [SignedXml#03d410d5, NamespacePropagation] Propagating namespace xmlns="<namespace here>".

依此类推。

在测试服务器上它几乎开出相同的:

System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 1 : [SignedXml#00e65efe, BeginCheckSignatureFormat] Checking signature format using format validator "[System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a] 
System.Security.Cryptography.Xml.SignedXml.DefaultSignatureFormatValidator". 
System.Security.Cryptography.Xml.SignedXml Information: 6 : [SignedXml#00e65efe, FormatValidationResult] Signature format validation was successful. 
System.Security.Cryptography.Xml.SignedXml Information: 2 : [SignedXml#00e65efe, BeginCheckSignedInfo] Checking signature on SignedInfo with id "(null)".

,但它只是到此为止。没有信息:7被记录,并且函数返回false。

测试服务器至少安装了.Net 4.5.2,因此我假定他们不会遇到SHA-256签名问题。

我在这里错过了什么?

+0

它是如何失败?返回false或抛出异常?代码在“CheckSignature”调用中看起来像什么?具体而言,你是否检查证书的有效性?如果SHA-256不可用,您将得到一个异常。 –

+0

@AndersAbel它只是返回false。我已经在周末弄清楚了,下面我会回答我的答案。 – Drak

周末我想通了。

很显然,我得到的XML(来自Azure AD的联合数据)是使用不在.Net 4.5.2中工作但在4.6.2中工作的密码方法签署的。

今天早上将其中一个测试服务器更新到.Net 4.6.2之后,CheckSignature确实返回了true。

相关推荐