I am trying to get a SAML token using certificate authentication, following this article:
How to pass a certificate to WSTrust to get Saml Token
I get the following error when making the call like this:
    var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
Unable to cast object of type 'System.Security.Cryptography.DSACryptoServiceProvider' to type 'System.Security.Cryptography.RSA'
I tried the CryptoConfig solution mentioned in this article:
https://dusted.codes/how-to-use-rsa-in-dotnet-rsacryptoserviceprovider-vs-rsacng-and-good-practise-patterns
It did not solve the problem.
Here is the full stack trace:
Server stack trace:
at System.Security.Cryptography.RSAPKCS1SignatureFormatter.SetKey(AsymmetricAlgorithm key)
at System.Security.Cryptography.SignatureDescription.CreateFormatter(AsymmetricAlgorithm key)
at System.Security.Cryptography.RSAPKCS1SignatureDescription.CreateFormatter(AsymmetricAlgorithm key)
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens, Boolean isPrimarySignature)
at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier)
at System.ServiceModel.Security.SendSecurityHeader.SignWithSupportingToken(SecurityToken token, SecurityKeyIdentifierClause identifierClause)
at System.ServiceModel.Security.SendSecurityHeader.SignWithSupportingTokens()
at System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication()
at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message, Boolean shouldRecycleBuffer)
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.Security.IWSTrustContract.Issue(Message message)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)
at TestClient.Program.GetSamlToken()
Here is the code:
    private static string GetSamlToken()
    {
        "Requesting identity token".ConsoleYellow();
        var stsBinding = new WS2007HttpBinding();
        stsBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
        stsBinding.Security.Message.EstablishSecurityContext = false;
        stsBinding.Security.Message.NegotiateServiceCredential = false;
        stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        var factory = new WSTrustChannelFactory(
            stsBinding,
            "https://sometestservice.com/service");
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.ClientCertificate.SetCertificate(
            System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
            System.Security.Cryptography.X509Certificates.StoreName.My,
            System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint,
            "<cert_thumbprint_removed>");
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Bearer,
            TokenType = TokenTypes.Saml2TokenProfile11,
            AppliesTo = new EndpointReference("urn:webapisecurity")
        };
        var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
        return token.TokenXml.OuterXml;
    }
What am I missing?
Best answer
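It just goes to show the amount of legacy assumptions in the core libraries. It looks like you have to create your own X509AsymmetricSecurityKey, X509SecurityToken, SecurityTokenProvider and ClientCredentialsSecurityTokenManager extensions, as described in How to: Change the Cryptographic Provider for an X.509 Certificate's Private Key.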
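The exception and stack trace above show an RSA PKCS#1 signature formatter being handed a DSACryptoServiceProvider key taken from the client certificate. The following check is an added example, not part of the original question or answer: it reports the key algorithm of the certificate selected by thumbprint before it is given to WSTrustChannelFactory. The class and method names are hypothetical, the thumbprint is the page's placeholder, and GetRSAPrivateKey assumes .NET Framework 4.6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original post): inspects the client certificate's key type.
static class ClientCertKeyCheck
{
    // Well-known public-key algorithm OIDs.
    const string RsaOid = "1.2.840.113549.1.1.1";
    const string DsaOid = "1.2.840.10040.4.1";

    // Summarises the key so an RSA/DSA mismatch is visible before WCF tries to sign.
    public static string DescribeKey(X509Certificate2 cert)
    {
        string oid = cert.PublicKey.Oid.Value;
        string kind = oid == RsaOid ? "RSA" : oid == DsaOid ? "DSA" : "other (" + oid + ")";
        return string.Format("subject={0}; key={1}; hasPrivateKey={2}; certSignedWith={3}",
            cert.Subject, kind, cert.HasPrivateKey, cert.SignatureAlgorithm.FriendlyName);
    }

    // True only when the certificate carries an RSA key pair whose private key can be opened.
    public static bool IsUsableForRsaSigning(X509Certificate2 cert)
    {
        if (cert.PublicKey.Oid.Value != RsaOid || !cert.HasPrivateKey) return false;
        using (RSA rsa = cert.GetRSAPrivateKey()) // returns null for non-RSA keys
            return rsa != null;
    }

    static void Main()
    {
        // Placeholder: the real thumbprint was removed from the page.
        const string thumbprint = "<cert_thumbprint_removed>";
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) { Console.WriteLine("No certificate with that thumbprint."); return; }
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine(DescribeKey(cert));
                Console.WriteLine(IsUsableForRsaSigning(cert)
                    ? "Private key is RSA."
                    : "Private key is not RSA; RSA signature formatters will reject it.");
            }
        }
        finally { store.Close(); }
    }
}
```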
Regarding c# - Unable to cast object of type 'System.Security.Cryptography.DSACryptoServiceProvider' to type 'System.Security.Cryptography.RSA', we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50244875/