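/// <summary>
/// Authenticates an inbound message before it is allowed to continue through the pipeline.
/// The envelope's digital signature is checked against the public key of the certificate
/// registered for the purported sender; <paramref name="continueProcessing"/> is invoked
/// only when that check succeeds. Every rejection path is logged and the message is dropped.
/// </summary>
/// <param name="context">The inbound message context; its <c>Envelope</c> supplies the sender identity, signature and payload.</param>
/// <param name="continueProcessing">Continuation invoked once the signature has been verified.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> or <paramref name="continueProcessing"/> is null.</exception>
public void ProcessInbound(MessageContext context, Action continueProcessing)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }
    if (continueProcessing == null)
    {
        throw new ArgumentNullException(nameof(continueProcessing));
    }

    // Fail closed: anything short of a successful verification drops the message.
    if (IsEnvelopeSignatureValid(context.Envelope))
    {
        continueProcessing();
    }
}

// Resolves the sender's certificate and verifies the envelope signature over the payload;
// returns false (after logging the reason) for any missing input, unusable key or bad signature.
private bool IsEnvelopeSignatureValid(Envelope env)
{
    // The sender identity is untrusted data taken from the envelope itself; it only selects
    // which certificate to verify against and is never proof of origin on its own.
    string sender = env.GetSenderIdentity();
    if (string.IsNullOrEmpty(sender))
    {
        _log.Error("An inbound event arrived with no sender identity");
        return false;
    }

    // NOTE(review): assumes _certProvider hands back only certificates that are trusted and
    // bound to this sender identity (chain, validity period, revocation) — confirm against the provider.
    X509Certificate2 senderCert = _certProvider.GetCertificateFor(sender);
    if (senderCert == null)
    {
        _log.Error("Sender " + sender + " does not have a public key certificate available");
        return false;
    }

    // A missing signature header is treated the same as an empty one instead of dereferencing null.
    byte[] digitalSignature = env.GetDigitalSignature();
    if (digitalSignature == null || digitalSignature.Length == 0)
    {
        _log.Error("Sender " + sender + " did not digitally sign the event");
        return false;
    }

    // VerifyData throws on a null payload; there is nothing to authenticate, so reject explicitly.
    byte[] payload = env.Payload;
    if (payload == null)
    {
        _log.Error("Sender " + sender + " sent an event with no payload to verify");
        return false;
    }

    // GetRSAPublicKey() works for any RSA key implementation (CSP, CNG, OpenSSL), unlike the
    // former 'as RSACryptoServiceProvider' cast, which yielded null (and a NullReferenceException)
    // for non-CSP keys. It returns null when the certificate does not carry an RSA key at all.
    using (RSA rsa = senderCert.GetRSAPublicKey())
    {
        if (rsa == null)
        {
            _log.Error("Sender " + sender + " has a certificate whose public key is not an RSA key");
            return false;
        }

        bool verified;
        try
        {
            // SHA-1 with PKCS#1 v1.5 padding is exactly what the previous
            // RSACryptoServiceProvider.VerifyData(payload, SHA1CryptoServiceProvider, sig) accepted,
            // so existing senders keep interoperating. SHA-1 is a weak hash for signatures; moving
            // to SHA-256 requires a coordinated change on the signing side and is deliberately
            // not made here.
            verified = rsa.VerifyData(payload, digitalSignature, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        }
        catch (CryptographicException ex)
        {
            // Malformed signature bytes from the wire are a verification failure, not a crash
            // that takes the whole inbound pipeline down.
            _log.Error("Sender " + sender + " supplied a digital signature that could not be verified: " + ex.Message);
            return false;
        }

        if (!verified)
        {
            // A signature that does not match is the one outcome the original code dropped
            // silently; it is the most security-relevant event here and must be visible in logs.
            _log.Error("Sender " + sender + " supplied a digital signature that does not match the event payload");
        }

        return verified;
    }
}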