We have the following code working in .NET 4.6.2:

    SAMLAssertionSignature.Generate(samlAssertionElement, <<x509Certificate PrivateKey>>, x509Certificate);

On upgrade to .NET 4.7.1 we get:

    Exception: System.Security.Cryptography.CryptographicException
    Message: Invalid algorithm specified.
    Source: mscorlib
       at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
       at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
       at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
       at System.Security.Cryptography.Xml.SignedXml.ComputeSignature()
       at ComponentSpace.SAML2.XmlSignature.Generate(XmlElement xmlElement, String elementId, AsymmetricAlgorithm signingKey, KeyInfo keyInfo, SignedXml signedXml, String inclusiveNamespacesPrefixList, String digestMethod, String signatureMethod)

We have added the following lines in App_Start:

    protected void Application_Start(object sender, EventArgs e)
    {
        ...
        AppContext.SetSwitch("Switch.System.Security.Cryptography.Xml.UseInsecureHashAlgorithms", true);
        AppContext.SetSwitch("Switch.System.Security.Cryptography.Pkcs.UseInsecureHashAlgorithms", true);
    }

But it has no effect. The signature algorithm of the cert is SHA256.
Any guidance?

Ramani