据我了解,如果我想签署 SAML 请求,签名应该由以下内容构成:
SAMLRequest=VALUE&RelayState=VALUE&SigAlg=VALUE 然后我应该创建签名,这是我用来创建签名的一段代码:
var MSCert = new X509Certificate2(ConfigurationManager.AppSettings["KeyFilepath"], ConfigurationManager.AppSettings["KeyFilePassword"]);
RSACryptoServiceProvider rsacsp = (RSACryptoServiceProvider)MSCert.PrivateKey;
CspParameters cspParam = new CspParameters();
cspParam.KeyContainerName = rsacsp.CspKeyContainerInfo.KeyContainerName;
cspParam.KeyNumber = rsacsp.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange ? 1 : 2;
RSACryptoServiceProvider aescsp = new RSACryptoServiceProvider(cspParam);
aescsp.PersistKeyInCsp = false;
byte[] signed = aescsp.SignData(requestBytes, "SHA256");
// For testing purposes - testing the signature
bool isValid = aescsp.VerifyData(requestBytes, "SHA256", signed);
string signatureValue = null;
// Deflate the signature string
using (var output = new MemoryStream())
{
using (var zip = new DeflateStream(output, CompressionMode.Compress))
{
zip.Write(signed, 0, signed.Length);
}
var base64 = Convert.ToBase64String(output.ToArray());
var urlEncode = HttpUtility.UrlEncode(base64);
signatureValue = urlEncode;
}
而且,我仍然看到验证失败,有人可以帮我看看为什么吗?