How can validate SAML Assertion in .net
Posted By shrikant kesharwani on 30 Jun 2011
Hi All,

I am getting a valid SAML response from the vendor and I just want to validate the SAML assertion.

Below is the SAML response. I have masked a few things with xxxxxxxxxxxxxxxxxxxxxx due to vendor concerns.

<samlp:Response IssueInstant="" ID="gzRaMPjm98mgG0_s0ylFgO85wao" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://xxxxxxxxxx.com/</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion Version="2.0" IssueInstant="6273" ID="wZT13pIVg8n60RZgGm_fWAhYNSP" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>http://xxxxxx.com/</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#wZT13pIVg8n60RZgGm_fWAhYNSP">
<ds:Transforms>
<ds:Transform Algorithm="http://www..w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xxxxxxxxxxxxxxxxxxxxxxx</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
xxxxxxxx
</ds:Modulus>
<ds:Exponent>xxx</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">staff</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter=" " Recipient="https://xxxxxxxxx.com"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="" NotBefore="">
<saml:AudienceRestriction>
<saml:Audience>http://xxxxxxxxxxxxxxxx.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant=" " SessionIndex="wZT13pIVg8n60RZgGm_fWAhYNSP">
<saml:AuthnContext>
<saml:AuthnContextClassRef></saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="role">
<saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">http://xxxx.com/</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

I have tried the code below in a .NET 3.5 web application and I always get the invalid signature message from the code. Please have a look at the code and advise me.

Thanks in Advance.

XmlDocument doc = new XmlDocument();
doc.Load(Server.MapPath("SAML.xml"));

SignedXml signer = new CustomIdSignedXml(doc);
signer.AddReference(new Reference("#_d4559638-3abf-4433-9fad-b10f8a950351"));
// _d4559638-3abf-4433-9fad-b10f8a950351 is used as reference to DigestMethod & DigestValue.
signer.SigningKey = new RSACryptoServiceProvider();
signer.ComputeSignature();
string s = signer.GetXml().OuterXml;

SignedXml verifier = new CustomIdSignedXml(doc);
verifier.LoadXml(signer.GetXml());

if (verifier.CheckSignature(signer.SigningKey))
     Response.Write("Signature verified");
else
     Response.Write("Invalid signature");




Re: How can validate SAML Assertion in .net
Posted By Jitendra Sampathirao on 30 Jun 2011  

Hi,
refer to these links:

http://www.madaboutcode.com/blog/post/2010/8/8/12/Validating-a-SAML-assertion-in-net

http://xml.sys-con.com/node/1404876
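
Added example, not part of the original thread or of either linked article: the code in the question computes a new signature with a freshly generated RSA key over a reference ID that does not appear in the posted response, so it never checks the vendor's existing ds:Signature. The sketch below loads that existing signature and verifies it against a certificate obtained from the vendor out of band; the class name, method name, and the `samlPath` and `idpCertPath` parameters are assumptions made for illustration.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlAssertionValidator   // hypothetical helper, not a library type
{
    const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";

    // idpCertPath: the vendor's signing certificate, received out of band (assumed file).
    public static bool IsAssertionSignatureValid(string samlPath, string idpCertPath)
    {
        // Whitespace is part of the signed content; dropping it changes the digest.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.Load(samlPath);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", SamlNs);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

        // Require exactly one assertion; extra copies are a signature-wrapping symptom.
        XmlNodeList assertions = doc.SelectNodes("//saml:Assertion", ns);
        if (assertions.Count != 1) return false;
        var assertion = (XmlElement)assertions[0];

        // The signature must be a direct child of the assertion it protects.
        var signature = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns);
        if (signature == null) return false;

        // Load the EXISTING signature; ComputeSignature() is for signing, not verifying.
        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml(signature);

        // The single reference must point at this assertion's own ID attribute.
        if (signedXml.SignedInfo.References.Count != 1) return false;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        if (reference.Uri != "#" + assertion.GetAttribute("ID")) return false;

        // Verify with the trusted certificate, not the KeyInfo carried in the message.
        // verifySignatureOnly = true: the certificate is pinned, no chain is built.
        var idpCert = new X509Certificate2(idpCertPath);
        return signedXml.CheckSignature(idpCert, true);
    }
}
```

The masked response posted above cannot verify as shown, because the digest, signature value and signed content have been altered. A valid signature covers integrity only, so the Conditions time window, Audience and Recipient still need their own checks.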



