如何使用System.Cryptography解密EncryptedAssertion

本文介绍了如何使用System.Cryptography解密EncryptedAssertion的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

身份提供者正在使用组件pro的功能对Saml断言进行加密

The Identity provider is encrypting the Saml Assertion using the functions of component pro

Dim encryptedSamlAssertion As New EncryptedAssertion(samlAssertion, encryptingCert, New System.Security.Cryptography.Xml.EncryptionMethod(SamlKeyAlgorithm.Aes256Cbc))

在服务提供商处，我试图解密断言.但是我不能使用component pro.我必须使用System.Security.Cryptography

At the Service Provider I am trying to Decrypt the assertion. But I cannot use component pro. I have to use System.Security.Cryptography

• X509证书用于加密和解密
• Aes256Cbc是加密算法

请帮助我提供更多有关如何使用X509Certificate和Aes256Cbc算法解密SamlAssertions的信息

Please help in providing me some more information on how can I achieve Decryption of SamlAssertions using X509Certificate and Aes256Cbc Algorithm

推荐答案

private class Saml2SSOSecurityTokenResolver : SecurityTokenResolver { List<SecurityToken> _tokens; public Saml2SSOSecurityTokenResolver(List<SecurityToken> tokens) { _tokens = tokens; } protected override bool TryResolveSecurityKeyCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityKey key) { var token = _tokens[0] as X509SecurityToken; var myCert = token.Certificate; key = null; var ekec = keyIdentifierClause as EncryptedKeyIdentifierClause; if (ekec != null) { if (ekec.EncryptionMethod == "www.w3/2001/04/xmlenc#rsa-1_5") { var encKey = ekec.GetEncryptedKey(); var rsa = myCert.PrivateKey as RSACryptoServiceProvider; var decKey = rsa.Decrypt(encKey, false); key = new InMemorySymmetricSecurityKey(decKey); return true; } var data = ekec.GetEncryptedKey(); var id = ekec.EncryptingKeyIdentifier; } return true; } protected override bool TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyIdentifierClause, out System.IdentityModel.Tokens.SecurityToken token) { throw new NotImplementedException(); } protected override bool TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifier keyIdentifier, out System.IdentityModel.Tokens.SecurityToken token) { throw new NotImplementedException(); } }