使用证书加密数据时，如何让 WIF 使用 RSA15? [英] How do I make WIF use RSA15 when encrypting data using a certificate?

查看：20 发布时间：2021/9/22 19:26:06 wcf wif

本文介绍了使用证书加密数据时，如何让 WIF 使用 RSA15?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我一直在研究 WCF 服务，该服务将返回 Base64 编码的字符串，实际上，它是一个完整的 SAML 响应 XML 文档.由于此信息将移交给供应商，因此我必须满足他们对 SAML 文档的外观和编码方式的要求.我无法获得满足他们要求的输出.

I have been working on a WCF service which will return a Base64 encoded string which is, in reality, a full SAML response XML document. Because this information will be handed off to a vendor, I have to meet their requirements for how the SAML document will look and be encoded. I am having trouble getting an output which meets their requirements.

我知道 WCF 和 WIF 一起应该可以帮助我.我最初使用 WIF 构建服务来创建 SAML 断言(令牌)和其他 C# 代码来生成最终的 SAML 文档.所有这些都有效并满足供应商的要求，除了 <EncryptedData>文档的节点.本节使用 AES256 和 RSAOAEP，但供应商需要 AES128 和 RSA15.因此，我正在寻找解决方案.任何帮助将不胜感激.

I know WCF and WIF together should help me. I originally built the service using WIF to create the SAML Assertions (token) and other C# code to generate the final SAML document. All of this works and meets the vendor's requirements except for the <EncryptedData> node of the document. This section uses AES256 and RSAOAEP but the vendor wants AES128 and RSA15. Thus, I am hunting for a resolution. Any help would be greatly appreciated.

这是一个步行.

该服务接受一个 GUID，用于调用数据库和返回字段.然后像这样使用它们:

The service takes in a GUID which is used to call the database and return fields. These are then used like so:

DataTable userData = GetDataForUser(userId);
List<Claim> claims = new List<Claim>()
{
    new Claim("ClientId", "NameOfClient")
};
foreach (DataRow row in userData.Rows)
{
    string memberId = row["MemberId"].ToString().Trim();
    string firstName = row["FirstName"].ToString().Trim();
    string lastName = row["LastName"].ToString().Trim();
    DateTime dob = Convert.ToDateTime(row["DateOfBirth"], CultureInfo.InvariantCulture);

    claims.Add(new Claim("MemberId", memberId));
    claims.Add(new Claim("FirstName", firstName));
    claims.Add(new Claim("LastName", lastName));
    claims.Add(new Claim("DOB", dob.ToString("MM/dd/yyyy")));
}

return claims;

然后我像这样创建一个 SecurityTokenDescriptor:

I then create a SecurityTokenDescriptor like this:

SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor();

声明被添加到描述符中，如下所示:

The claims are added to the descriptor like so:

descriptor.Subject = new ClaimsIdentity(claims);

指示描述符像这样加密令牌:

The descriptor is instructed to encrypt the token like this:

descriptor.EncryptingCredentials = GetEncryptingCredentials();

GetEncryptingCredentials() 例程如下所示:

and the GetEncryptingCredentials() routine looks like this:

private EncryptedKeyEncryptingCredentials GetEncryptingCredentials()
{
    // Get the Encrypting Certificate
    X509Certificate2 encryptCert = CertificateHelper.FindSingleCertificate(StoreName.TrustedPeople, StoreLocation.LocalMachine, X509FindType.FindBySubjectDistinguishedName, "<<certificate stuff here >>", true);

    EncryptedKeyEncryptingCredentials encryptingCreds = new EncryptedKeyEncryptingCredentials(encryptCert);

    return encryptingCreds;
 }

所有这些都会生成一个令牌，当写入文件时会给我这个:

All of this generates a token which, when written to a file gives me this:

  <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Id="_16584ace-9f3e-4352-9fc9-f6db8b2e925c" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
          <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          </e:EncryptionMethod>
          <KeyInfo>
            <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <X509Data>
                <X509IssuerSerial>
                  <X509IssuerName><!-- value --></X509IssuerName>
                  <X509SerialNumber><!-- value --></X509SerialNumber>
                </X509IssuerSerial>
              </X509Data>
            </o:SecurityTokenReference>
          </KeyInfo>
          <e:CipherData>
            <e:CipherValue><!-- value -->CipherValue>
          </e:CipherData>
        </e:EncryptedKey>
      </KeyInfo>
      <xenc:CipherData><xenc:CipherValue><!-- value --></xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </EncryptedAssertion>

很好，对吧?不.供应商需要<EncryptedData>部分具有以下子节点:

Great, right? Nope. The vendor needs the <EncryptedData> section to have the following child node:

<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>

他们需要部分显示此内容:

And they need the <KeyInfo><EncryptedKey> section to show this:

<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

我在 GetEncryptingCredentials() 例程中尝试了我能想到的所有组合.没有任何事情产生预期的结果.我收到的最有希望的错误消息如下所示:

I have tried every combination I can think of within the GetEncryptingCredentials() routine. Nothing has produced the desired results. The most promising error message I receive looks like this:

ID4178:加密凭证中提供的SecurityTokenDescriptor 用于非对称密钥.您必须使用EncryptedKeyEncryptingCredentials 到加密令牌.

ID4178: The EncryptingCredentials provided in the SecurityTokenDescriptor is for an asymmetric key. You must use an EncryptedKeyEncryptingCredentials to encrypt the token.

有人有什么建议吗?不要害怕告诉我重新开始.没关系.我只需要让它工作.

Anyone have a suggestion? Don't be afraid to tell me to start all over. That's all right. I just need to get this to work.

提前致谢.

使用证书加密数据时，如何让 WIF 使用 RSA15? [英] How do I make WIF use RSA15 when encrypting data using a certificate?

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

使用证书加密数据时，如何让 WIF 使用 RSA15? [英] How do I make WIF use RSA15 when encrypting data using a certificate?

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭