NullReferenceException on checksignature about aspnetsaml HOT 10 CLOSED

Note, the root cause is that the types registered at the ctor() RSAPKCS1SHA256SignatureDescription() are using "typeof(...).FullNameand deep in the signature verification on MS's side they doType.GetType(string)`. As this stack overflow hints, using the assembly qualified name instead works.
Thus changing the ctor() to:

        public RSAPKCS1SHA256SignatureDescription()
        {
            //https://stackoverflow.com/a/1825156/494125
            KeyAlgorithm = typeof(RSACryptoServiceProvider).AssemblyQualifiedName;
            DigestAlgorithm = typeof(SHA256Managed).AssemblyQualifiedName;   // Note - SHA256CryptoServiceProvider is not registered with CryptoConfig
            FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).AssemblyQualifiedName;
            DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).AssemblyQualifiedName;
        }

from aspnetsaml.

We've actually removed this code altogether, needed for pre-4.5 .NET versions anyway. Currently testing in production, will push updates here next week.

from aspnetsaml.

@alex-jitbit I got it working by removing all references to these:

RSAPKCS1SHA256SignatureDescription.Init()

There are two places in the code where that is called, and I commented them out and it works now.

I suspect that code conflicts with .net core / .net 5.

I hope that helps you and anyone else running into the problem.

from aspnetsaml.

So, signedXml is null in debug?

PS. The onelogin's samltool.com you mentioned does not verify signatures at all, so checking the response their - does not actually confirm validity

from aspnetsaml.

@alex-jitbit signedXml is not null:

ValidateSignatureReference() returns true and !isExpired == true, so we are good on those.

Noted on samltool.com. I tested it on https://8gwifi.org/samlverifysign.jsp - not sure if that site is better.

When I select these two options: https://s3.amazonaws.com/vo-random/ShareX/2020/11/chrome_RGe1ylqkfL.png - it passes.

from aspnetsaml.

Then probably the certificate is null. I haven't tested this on .NET Core a lot, will look into this

from aspnetsaml.

@alex-jitbit I'm waiting for your update

from aspnetsaml.

@ @admalledd Thank you

from aspnetsaml.

see #64. Looks like the referenced updates are available from source on github, but have not been published to nuget yet. It's fairly simple to swap out the nuget reference for a reference to the source code directly in your project.

from aspnetsaml.

Thank you, that worked

from aspnetsaml.