Subject: Singing an AuthnRequest with SHA-256
Date: 2020-03-12 22:53:15
From: Derek
Source: singing-authnrequest-sha-256-e9cf30bd-1c8d-4a9e-bb26-8eb2277d522b

When I enabled the SHA-256 algorithm in the advanced tab of relying party trust in ADFS settings and the 

Added the code below in global.asax

protected void Application_Start()

 private void LoadIdpCertificate()
            string certificatestring = GetSAMLCertificate();
            byte[] bytes = new byte[certificatestring.Length];
                for (int i = 0; i < certificatestring.Length; i  )
                    bytes[i] = (byte)certificatestring[i];
            if (certificatestring != string.Empty)
                CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "");

                X509Certificate2 cert = new X509Certificate2(bytes, password, X509KeyStorageFlags.MachineKeySet);
                Application[IdPCertKey] = cert;

                if (password != string.Empty)
                    Application[SPKeyFile] = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath   "/App_Data", SPKeyFile), password, X509KeyStorageFlags.MachineKeySet);

Added code below to make sign request

X509Certificate2 x509Certificate = (X509Certificate2)System.Web.HttpContext.Current.Application[MvcApplication.SPKeyFile]; 

But I m getting this error on ADFS server eventviewer.
Exception details: 
Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureAlgorithmMismatchException: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm Expected signature algorithm


Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index