I included an openssl.a in my Xcode project. It builds locally, but the Xcode integration server build failed when it got the project from git.
ld: warning: directory not found for option '-L/Users/sss/Documents/myapp/platforms/ios'
ld: library not found for -lssl
clang: error: linker command failed with exit code 1 (use -v to see invocation)

It is a hard-coded library search path issue.
I went to the build settings and changed both the Debug and Release search paths to $("SRCROOT"),

committed the project file change, and pushed it.
Then I ran the bots from the log view, and all builds were successful.

Categories: Mobile | XCode iOS

This is an unsigned SAML response XML; the values that need to change on every submit were replaced by {time1} or {guid1}.
Before signing the XML, those values are updated; otherwise it will not pass SAML validation.
If you get an "Assertion was replayed" error, that is because the time is not correct or the AssertionId has already been used.

After the SAML XML is built and signed, there is one more thing that needs to change:
the RSA SAML relying party only accepts the signature before the issuer, but .NET signs the XML and inserts the signature as the last child, so we need additional code to make it work:

            SignXmlHelper.SignXml(xmlDoc, cert, "ID", guid1);
            //var item=  xmlDoc.GetElementsByTagName("Signature").Item(0);
            XmlElement xmlElement = xmlDoc.DocumentElement;
            var signatureNode = xmlElement.LastChild;
            xmlElement.InsertAfter(signatureNode, xmlElement.FirstChild);

            var outstr = xmlDoc.OuterXml;

One last note:
 when you post the SAML, in SAML 1 the target URL parameter is TargetUrl, but in SAML 2 it changed to RelayState.
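
As an added example (not part of the original post): a round trip showing why the signature can be moved after signing. The enveloped-signature transform leaves the Signature element out of the digest, so relocating it keeps the signature valid, while any change to the signed content invalidates it. The sample XML, the class name SignatureMoveDemo and the throwaway key are constructed for illustration, and the root element is assumed to carry an ID attribute with the Issuer as its first child.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SignatureMoveDemo
{
    // Constructed sample input, not a real identity provider response.
    const string Sample =
        "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
        "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_example1\">" +
        "<saml:Issuer>https://idp.example.test</saml:Issuer><samlp:Status/></samlp:Response>";

    // True only if the node right after the first child is a ds:Signature whose single
    // reference covers the root element's own ID and whose value verifies with the key.
    public static bool Verify(XmlDocument doc, RSA key)
    {
        XmlElement root = doc.DocumentElement;
        var sig = root.ChildNodes[1] as XmlElement;
        if (sig == null || sig.LocalName != "Signature" ||
            sig.NamespaceURI != SignedXml.XmlDsigNamespaceUrl) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sig);
        if (signedXml.SignedInfo.References.Count != 1) return false;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        return reference.Uri == "#" + root.GetAttribute("ID") && signedXml.CheckSignature(key);
    }

    public static void Main()
    {
        using (RSA key = new RSACryptoServiceProvider(2048)) // throwaway demo key
        {
            // PreserveWhitespace must be set before loading, for signing and verifying alike.
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml(Sample);
            XmlElement root = doc.DocumentElement;

            var signedXml = new SignedXml(doc) { SigningKey = key };
            var reference = new Reference("#" + root.GetAttribute("ID"));
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigC14NTransform());
            signedXml.AddReference(reference);
            signedXml.ComputeSignature();
            root.AppendChild(doc.ImportNode(signedXml.GetXml(), true)); // signature is the last child

            root.InsertAfter(root.LastChild, root.FirstChild);          // move it after the first child
            Console.WriteLine("moved signature verifies: " + Verify(doc, key));
            root.SetAttribute("Destination", "https://sp.example.test/changed"); // edit signed content
            Console.WriteLine("after edit verifies:      " + Verify(doc, key));
        }
    }
}
```

A receiving side would verify with the identity provider's configured certificate, not with a key taken from the message itself.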

Categories: Asp.net | C# | Security


The download page only works under IE ;)

Available Source Code Components


Product Name | Version | View | Download
.NET | 8.0 | View EULA | Download
dotnetfx1434_VistaWin2k8sp1 | 50727.1434 | View EULA | Download
FXUpdate3074 | 50727.3074 | View EULA | Download
ASP.NET_MVC | 1.0 | View EULA | Download
WCF | 3.5SP1 | View EULA | Download
WF | 3.5SP1 | View EULA | Download
Dotnetfx_Vista_SP2 | 50727.4016 | View EULA | Download
Dotnetfx_Win7_3. | | EULA | Download
ASP.NET_MVC | 2.0 | View EULA | Download
.Net | 4 | View EULA | Download
.NET_3.5_sp1_redist | 50727.3053 | View EULA | Download
Netfx_3.5.1_Win7SP1 | 3.5.1 | View EULA | Download
NET | 4.5 | View EULA | Download
Net | 4.5Update1 | View EULA | Download

Categories: Asp.net | C# | MVC | Visual studio 10/up | WCF

When using jQuery Mobile in a form, if the action redirects after submit, you get a 302 Found error.
The cause is that the jQuery AJAX submit was fired.


1. Regular form: add data-ajax="false" to the form
2. MVC form:
 @using (Html.BeginForm(null,null,FormMethod.Post, new { data_ajax="false" }))

Note that it is written "data_ajax" in the code, but it is rendered as data-ajax in the view.

Categories: JQuery | Mobile | MVC

A SAML response is an assertion XML with a digital signature,
so once you have the SAML XML and your X.509 certificate,
you can use the following code to sign it.

Here are examples.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public class SignXML
{
    public static void Main(String[] args)
    {
        try
        {
            // Create a new CspParameters object to specify 
            // a key container.
            CspParameters cspParams = new CspParameters();
            cspParams.KeyContainerName = "XML_DSIG_RSA_KEY";

            // Create a new RSA signing key and save it in the container. 
            RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);

            // Create a new XML document.
            XmlDocument xmlDoc = new XmlDocument();

            // Load an XML file into the XmlDocument object.
            // "test.xml" is a placeholder file name.
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");

            // Sign the XML document. 
            SignXml(xmlDoc, rsaKey);

            Console.WriteLine("XML file signed.");

            // Save the document.
            xmlDoc.Save("test.xml");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
    }

    // Sign an XML file.  
    // This document cannot be verified unless the verifying  
    // code has the key with which it was signed. 
    public static void SignXml(XmlDocument xmlDoc, RSA Key)
    {
        // Check arguments. 
        if (xmlDoc == null)
            throw new ArgumentException("xmlDoc");
        if (Key == null)
            throw new ArgumentException("Key");

        // Create a SignedXml object.
        SignedXml signedXml = new SignedXml(xmlDoc);

        // Add the key to the SignedXml document.
        signedXml.SigningKey = Key;

        // Create a reference to be signed (empty URI = the whole document).
        Reference reference = new Reference();
        reference.Uri = "";

        // Add an enveloped transformation to the reference.
        XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
        reference.AddTransform(env);

        // Add the reference to the SignedXml object.
        signedXml.AddReference(reference);

        // Compute the signature.
        signedXml.ComputeSignature();

        // Get the XML representation of the signature and save 
        // it to an XmlElement object.
        XmlElement xmlDigitalSignature = signedXml.GetXml();

        // Append the element to the XML document.
        xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
    }
}


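// Requires: using System.Security.Cryptography.X509Certificates;
// SamlSignedXml is not shown on this page; it is assumed to be a SignedXml
// subclass that looks up the signed element by the attribute named in referenceId.
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, 
              string referenceId, string referenceValue) {
    SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
    // Add the key to the SignedXml xmlDocument. 
    sig.SigningKey = cert2.PrivateKey;

    // Create a reference to be signed. 
    Reference reference = new Reference();

    // Point the reference at the element whose ID equals referenceValue.
    reference.Uri = String.Empty;
    reference.Uri = "#" + referenceValue;

    // Add an enveloped transformation and a C14N transformation to the reference. 
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    XmlDsigC14NTransform env2 = new XmlDsigC14NTransform();
    reference.AddTransform(env);
    reference.AddTransform(env2);

    // Add the reference to the SignedXml object. 
    sig.AddReference(reference);

    // Add an X509Data KeyInfo
    // (optional; helps recipient find key to validate). 
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);
    keyInfo.AddClause(keyData);

    sig.KeyInfo = keyInfo;

    // Compute the signature. 
    sig.ComputeSignature();

    // Get the XML representation of the signature
    // and save it to an XmlElement object. 
    XmlElement xmlDigitalSignature = sig.GetXml();

    return xmlDigitalSignature;
}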

Signed xml sample:

Categories: Asp.net | C# | Security

If the SAML response is not encrypted, it is very easy to decode it and view its signature and data.

To create the SAMLResponse before submitting it to the relying party, the identity provider did:
   string samlResponse = System.Convert.ToBase64String(Encoding.UTF8.GetBytes(requestParameters["assertion"]));
After it receives the SAMLResponse, the service provider does:
   // encodedSamlResponse: the posted Base64 value (variable name assumed)
   var samlResponse = Encoding.UTF8.GetString(Convert.FromBase64String(encodedSamlResponse));
   XmlDocument SAMLXML = new XmlDocument();
   SAMLXML.LoadXml(samlResponse);
So for more security, the assertion should also be encrypted using the public key offered by the service provider, as in the diagram below.

The diagram comes from:

Some examples with source code:

Categories: Asp.net | Security

I am working on SAML authentication for our mobile app,
and got some resources to build my test SAML identity service party.



To create the private key and public key,
we can use the Visual Studio command-line tool makecert.exe, but the easiest way is to use the GUI tool from:

First, save the RSA key to a .pfx file using the selfcert tool.

Then you can import it and export it to a .cer file.
You need to run the "mmc" command and add the Certificates snap-in to view the certificates.

Or you can use openssl (it needs to be installed first):

C:\Users\wsun>openssl pkcs12 -nokeys -clcerts -in ix.pfx -out ix.cer
Enter Import Password:
MAC verified OK

Categories: C# | Security | Visual studio 10/up