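/// <summary>
/// Verifies a detached signature over <paramref name="signedQueryString"/> using the public key of the
/// certificate resolved from <paramref name="certIdentifier"/>.
/// </summary>
/// <param name="detachedSignature">The signature value to verify.</param>
/// <param name="detachedSignatureAlgorithm">Name of the signature algorithm, resolved through <c>GetAlgorithmProvider</c>.</param>
/// <param name="signedQueryString">The exact query string the signature was computed over.</param>
/// <param name="certIdentifier">Identifier passed to <c>SignMessage.GetSamlEncryptionAndSigningKey</c> to locate the certificate.</param>
/// <returns>The result of <c>IsValidDetachedSignature</c>: <c>true</c> when the signature validates, otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="detachedSignature"/> or <paramref name="detachedSignatureAlgorithm"/> is null, empty or whitespace.
/// </exception>
internal static bool VerifyDetachedSignature(
    string detachedSignature,
    string detachedSignatureAlgorithm,
    string signedQueryString,
    string certIdentifier)
{
    if (string.IsNullOrWhiteSpace(detachedSignature))
    {
        throw new ArgumentException("DetachedSignature not mentioned", nameof(detachedSignature));
    }

    // This branch previously reported "DetachedSignature not mentioned" as well (copy-paste);
    // name the argument that is actually missing so callers can tell the two failures apart.
    if (string.IsNullOrWhiteSpace(detachedSignatureAlgorithm))
    {
        throw new ArgumentException("DetachedSignatureAlgorithm not mentioned", nameof(detachedSignatureAlgorithm));
    }

    X509Certificate2 samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certIdentifier);
    X509Certificate2Collection publicKeys = new X509Certificate2Collection { samlEncryptionAndSigningKey };

    // NOTE(review): the algorithm name is supplied by the caller (in the redirect binding it normally
    // comes from the request's SigAlg parameter), so GetAlgorithmProvider must accept only an
    // allow-list of strong algorithms rather than anything it can resolve — confirm.
    object hashAlgorithmProvider = GetAlgorithmProvider(detachedSignatureAlgorithm);

    // The provider is typed as object and may not be disposable; a using over a null
    // IDisposable is a no-op, so this replaces the manual try/finally without changing behavior.
    using (hashAlgorithmProvider as IDisposable)
    {
        return IsValidDetachedSignature(signedQueryString, hashAlgorithmProvider, detachedSignature, publicKeys);
    }
}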
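/// <summary>
/// Builds a SAML redirect URL for <paramref name="destination"/> carrying the redirect-encoded request,
/// the optional relay state, the signature algorithm marker and a detached signature computed over
/// the resulting query string.
/// </summary>
/// <param name="destination">Absolute URL of the endpoint the request is redirected to.</param>
/// <param name="samlPayLoad">The SAML request placed in the <c>SAMLRequest</c> parameter; it is redirect-encoded here.</param>
/// <param name="relayStateInput">Optional relay state; omitted from the URL when null, empty or whitespace.</param>
/// <param name="signatureAlogrithm">Name of a <see cref="SignMessage.SignatureAlgorithm"/> member (case-insensitive).</param>
/// <param name="certSubject">Identifier passed to <c>SignMessage.GetSamlEncryptionAndSigningKey</c> to locate the signing certificate.</param>
/// <returns>The <see cref="UrlBuilder"/> holding the signed redirect URL.</returns>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="destination"/> is null, empty or whitespace, or when
/// <paramref name="signatureAlogrithm"/> does not name a known signature algorithm.
/// </exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="samlPayLoad"/> is null.</exception>
public static UrlBuilder GetSamlSignedRedirectUrl(
    string destination,
    string samlPayLoad,
    string relayStateInput,
    string signatureAlogrithm,
    string certSubject)
{
    if (string.IsNullOrWhiteSpace(destination))
    {
        throw new ArgumentException("Destination not mentioned", nameof(destination));
    }

    // RedirectEncode() is an extension call on the payload; fail with a named argument
    // instead of a NullReferenceException further down.
    if (samlPayLoad == null)
    {
        throw new ArgumentNullException(nameof(samlPayLoad));
    }

    // Resolve the algorithm before touching the URL so an unknown name gives a clear message
    // (Enum.Parse's generic "Requested value ... was not found" is replaced, exception type kept).
    SignMessage.SignatureAlgorithm sigAlgorithm;
    if (!Enum.TryParse(signatureAlogrithm, true, out sigAlgorithm))
    {
        throw new ArgumentException("Unknown signature algorithm: " + signatureAlogrithm, nameof(signatureAlogrithm));
    }

    UrlBuilder redirectUrl = new UrlBuilder { Uri = new Uri(destination) };

    // Parameter order matters: the detached signature below is computed over the query string
    // exactly as built here, so the verifier must see the same order.
    redirectUrl.AddOrUpdateParameter("SAMLRequest", samlPayLoad.RedirectEncode());
    if (!string.IsNullOrWhiteSpace(relayStateInput))
    {
        redirectUrl.AddOrUpdateParameter("RelayState", relayStateInput.RedirectEncode());
    }

    // Presumably appends the algorithm marker (SigAlg) to the query — verify against AddSignatureToRequest.
    AddSignatureToRequest(redirectUrl, sigAlgorithm);

    X509Certificate2 samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certSubject);
    string signature = SignMessage.SignDetached(redirectUrl.GetQueryString(), samlEncryptionAndSigningKey, sigAlgorithm);
    redirectUrl.AddOrUpdateParameter("Signature", signature);

    // The original also materialized redirectUrl.ToString() into an unused local; dropped.
    return redirectUrl;
}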