I include an openssl.a in my Xcode project. It builds locally, but the Xcode integration server build failed when it got the project from git.
ld: warning: directory not found for option '-L/Users/sss/Documents/myapp/platforms/ios'
ld: library not found for -lssl
clang: error: linker command failed with exit code 1 (use -v to see invocation)


It is a hard-coded Library Search Path issue.
I went to the build settings and changed both the Debug and Release search paths to $("SRCROOT"),

committed the project file change, and pushed it.
Then I ran the bots from the log view, and all builds were successful.



 
Categories: Mobile | XCode iOS

This is an unsigned SAML response XML; the values that need to change on every submit were replaced by {time1} or {guid1}.
Before signing the XML, those values must be updated, otherwise it will not pass SAML validation.
If you get an "Assertion was replayed" error, that is because the time is not correct or the AssertionId has already been used.



After the SAML XML is built and signed, there is one more thing that needs to change:
the RSA SAML relying party only takes the signature before the issuer, but .NET signs the XML and inserts the signature as the last child, so we need additional code to make it work:

            SignXmlHelper.SignXml(xmlDoc, cert, "ID", guid1);
            //var item=  xmlDoc.GetElementsByTagName("Signature").Item(0);
            XmlElement xmlElement = xmlDoc.DocumentElement;
            // SignXml appended the <Signature> as the last child of the root.
            var signatureNode = xmlElement.LastChild;
            // Move it so that it directly follows the first child of the root.
            xmlElement.InsertAfter(signatureNode, xmlElement.FirstChild);

            var outstr = xmlDoc.OuterXml;

Last notice:
When you post the SAML, in SAML 1 the target URL is TargetUrl, but for SAML 2 it changed to RelayState.

 
Categories: Asp.net | C# | Security

http://referencesource.microsoft.com/netframework.aspx

The download page only works under IE ;)

Available Source Code Components

 

Product Name                   Version       View        Download
.NET                           8.0           View EULA   Download
dotnetfx1434_VistaWin2k8sp1    50727.1434    View EULA   Download
FXUpdate3074                   50727.3074    View EULA   Download
ASP.NET_MVC                    1.0           View EULA   Download
WCF                            3.5SP1        View EULA   Download
WF                             3.5SP1        View EULA   Download
Dotnetfx_Vista_SP2             50727.4016    View EULA   Download
Dotnetfx_Win7_3.5.1            3.5.1         View EULA   Download
ASP.NET_MVC                    2.0           View EULA   Download
.Net                           4             View EULA   Download
.NET_3.5_sp1_redist            50727.3053    View EULA   Download
ASP.NET_MVC                    3             View EULA   Download
Netfx_3.5.1_Win7SP1            3.5.1         View EULA   Download
NET                            4.5           View EULA   Download
Net                            4.5Update1    View EULA   Download


 
Categories: Asp.net | C# | MVC | Visual studio 10/up | WCF

Issue:
When using jQuery Mobile in a form, if the server redirects after submit, you get a 302 Found error.
Reason:
The jQuery Ajax submit was fired.

Solution:

1. Regular form: add data-ajax="false" to the form.
2. MVC form:
 @using (Html.BeginForm(null,null,FormMethod.Post, new { data_ajax="false" }))

Note that it is written "data_ajax" in the code, but it is rendered as data-ajax in the view.



 
Categories: JQuery | Mobile | MVC

A SAML response is assertion XML with a digital signature,
so once you have the SAML XML and your X.509 certificate,
you can use the following code to sign it.

Here is an example:
http://msdn.microsoft.com/en-us/library/ms229745%28v=vs.110%29.aspx

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public class SignXML
{

    public static void Main(String[] args)
    {
        try
        {
            // Create a new CspParameters object to specify 
            // a key container.
            CspParameters cspParams = new CspParameters();
            cspParams.KeyContainerName = "XML_DSIG_RSA_KEY";

            // Create a new RSA signing key and save it in the container. 
            RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);

            // Create a new XML document.
            XmlDocument xmlDoc = new XmlDocument();

            // Load an XML file into the XmlDocument object.
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.Load("test.xml");

            // Sign the XML document. 
            SignXml(xmlDoc, rsaKey);

            Console.WriteLine("XML file signed.");

            // Save the document.
            xmlDoc.Save("test.xml");



        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
    }


    // Sign an XML file.  
    // This document cannot be verified unless the verifying  
    // code has the key with which it was signed. 
    public static void SignXml(XmlDocument xmlDoc, RSA Key)
    {
        // Check arguments. 
        if (xmlDoc == null)
            throw new ArgumentException("xmlDoc");
        if (Key == null)
            throw new ArgumentException("Key");

        // Create a SignedXml object.
        SignedXml signedXml = new SignedXml(xmlDoc);

        // Add the key to the SignedXml document.
        signedXml.SigningKey = Key;

        // Create a reference to be signed.
        Reference reference = new Reference();
        reference.Uri = "";

        // Add an enveloped transformation to the reference.
        XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
        reference.AddTransform(env);

        // Add the reference to the SignedXml object.
        signedXml.AddReference(reference);

        // Compute the signature.
        signedXml.ComputeSignature();

        // Get the XML representation of the signature and save 
        // it to an XmlElement object.
        XmlElement xmlDigitalSignature = signedXml.GetXml();

        // Append the element to the XML document.
        xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));

    }
}


http://www.codeproject.com/Articles/56640/Performing-a-SAML-Post-with-C
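// Requires: using System.Security.Cryptography.X509Certificates;
// SamlSignedXml is not a framework type; it comes with the source this snippet is taken from.
public static XmlElement SignDoc(XmlDocument doc, X509Certificate2 cert2, 
              string referenceId, string referenceValue) {
    SamlSignedXml sig = new SamlSignedXml(doc, referenceId);
    // Add the key to the SignedXml xmlDocument. 
    sig.SigningKey = cert2.PrivateKey;

    // Create a reference to be signed, pointing at the element
    // whose ID attribute equals referenceValue. 
    Reference reference = new Reference();

    reference.Uri = "#" + referenceValue;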

    // Add an enveloped transformation to the reference. 
    XmlDsigEnvelopedSignatureTransform env = new
        XmlDsigEnvelopedSignatureTransform();
    XmlDsigC14NTransform env2 = new XmlDsigC14NTransform();

    reference.AddTransform(env);
    reference.AddTransform(env2);

    // Add the reference to the SignedXml object. 
    sig.AddReference(reference);

    // Add an X509Data KeyInfo carrying the certificate
    // (optional; helps recipient find key to validate). 
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyData = new KeyInfoX509Data(cert2);

    keyInfo.AddClause(keyData);
    
    sig.KeyInfo = keyInfo;

    // Compute the signature. 
    sig.ComputeSignature();

    // Get the XML representation of the signature
    // and save it to an XmlElement object. 
    XmlElement xmlDigitalSignature = sig.GetXml();

    return xmlDigitalSignature;
}

Signed xml sample:
http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html
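
Added example (not from the original posts or the linked articles): the flow from the posts above in one program, filling the {guid1}/{time1} placeholders, signing the root by ID, placing the Signature after the Issuer, and verifying on the receiving side against a pinned certificate. The template, issuer URL, class and method names are constructed for illustration; it assumes a .NET runtime that has CertificateRequest and the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
public static class SamlSignDemo
{
    // Constructed template; {guid1} and {time1} are the per-submit placeholders.
    const string Template = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
        + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"{guid1}\" Version=\"2.0\""
        + " IssueInstant=\"{time1}\"><saml:Issuer>https://idp.example.test</saml:Issuer><samlp:Status/></samlp:Response>";

    public static XmlDocument BuildAndSign(RSA key)
    {
        string id = "_" + Guid.NewGuid().ToString("N"); // fresh per submit, never reused
        string now = XmlConvert.ToString(DateTime.UtcNow, XmlDateTimeSerializationMode.Utc);
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Template.Replace("{guid1}", id).Replace("{time1}", now));
        var signed = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference("#" + id);
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signed.AddReference(reference);
        signed.ComputeSignature();
        // The enveloped transform excludes <Signature> from the digest, so its position
        // is free: put it directly after <saml:Issuer> (the first child), not last.
        XmlElement root = doc.DocumentElement;
        root.InsertAfter(doc.ImportNode(signed.GetXml(), true), root.FirstChild);
        return doc;
    }

    // Receiving side: pinned certificate, exactly one reference, and it must be the root's ID.
    public static bool Verify(XmlDocument doc, X509Certificate2 trusted)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;
        var signed = new SignedXml(doc);
        signed.LoadXml((XmlElement)sigs[0]);
        if (signed.SignedInfo.References.Count != 1) return false;
        string uri = ((Reference)signed.SignedInfo.References[0]).Uri;
        return uri == "#" + doc.DocumentElement.GetAttribute("ID") && signed.CheckSignature(trusted, true);
    }

    public static void Main()
    {
        RSA rsa = RSA.Create(2048); // throwaway key, generated in memory for the demo
        var req = new CertificateRequest("CN=demo-idp", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        XmlDocument doc = BuildAndSign(rsa);
        Console.WriteLine("valid with moved signature: " + Verify(doc, cert));
        doc.DocumentElement.FirstChild.InnerText = "https://other.example.test"; // change signed content
        Console.WriteLine("valid after tampering: " + Verify(doc, cert));
    }
}
```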



 
Categories: Asp.net | C# | Security

If the SAML response is not encrypted, it is very easy to decode it and view its signature and data.

To create the SAML response before submitting to the relying party, the identity provider did:
   string samlResponse = System.Convert.ToBase64String(Encoding.UTF8.GetBytes(requestParameters["assertion"]));
After it receives the SAML response, the service provider does:
   var samlResponse =
       @"PHNhbWxwOlJlc3BvbnNlI...ZXNwb25zZT4=";
   XmlDocument SAMLXML = new XmlDocument();
   SAMLXML.LoadXml(System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(samlResponse)));
So for more security, the assertion should also be encrypted using the public key offered by the service provider, as in the diagram below.


Diagram comes from:
http://devproconnections.com/development/generate-saml-tokens-using-windows-identity-foundation
http://devproconnections.com/development/generating-saml-tokens-wif-part-2


Some examples with source code:
https://github.com/covermymeds/saml-http-post-reference/
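
Added example (not from the original post): encrypting the assertion element to the service provider's RSA public key with EncryptedXml, so that Base64-decoding the posted value no longer exposes it. The key name, sample XML and method names are constructed; a real SAML 2 response wraps the EncryptedData in a saml:EncryptedAssertion element, which is omitted here.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;
public static class SamlEncryptDemo
{
    const string KeyName = "sp-demo-key"; // hypothetical label shared by IdP and SP

    // IdP side: fresh AES key for the element, wrapped with the SP's RSA public key (OAEP).
    public static void EncryptElement(XmlElement target, RSA spPublicKey)
    {
        using (Aes session = Aes.Create())
        {
            session.KeySize = 256;
            byte[] cipher = new EncryptedXml().EncryptData(target, session, false);
            var wrapped = new EncryptedKey();
            wrapped.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl);
            wrapped.CipherData = new CipherData(EncryptedXml.EncryptKey(session.Key, spPublicKey, true));
            wrapped.KeyInfo.AddClause(new KeyInfoName(KeyName));
            var data = new EncryptedData();
            data.Type = EncryptedXml.XmlEncElementUrl;
            data.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
            data.KeyInfo.AddClause(new KeyInfoEncryptedKey(wrapped));
            data.CipherData.CipherValue = cipher;
            EncryptedXml.ReplaceElement(target, data, false);
        }
    }

    // SP side: only the holder of the RSA private key can recover the element.
    public static void DecryptAll(XmlDocument doc, RSA spPrivateKey)
    {
        var exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(KeyName, spPrivateKey);
        exml.DecryptDocument();
    }

    public static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Response><Assertion><Attr>alice@example.test</Attr></Assertion></Response>"); // constructed
        RSA sp = RSA.Create(2048); // throwaway SP key pair for the demo
        EncryptElement((XmlElement)doc.DocumentElement.FirstChild, sp);
        string posted = Convert.ToBase64String(Encoding.UTF8.GetBytes(doc.OuterXml));
        string seen = Encoding.UTF8.GetString(Convert.FromBase64String(posted));
        Console.WriteLine("plaintext visible after decoding: " + seen.Contains("alice@example.test"));
        DecryptAll(doc, sp);
        Console.WriteLine("recovered by SP: " + doc.OuterXml.Contains("alice@example.test"));
    }
}
```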


 
Categories: Asp.net | Security

I am working on SAML authentication for our mobile app,
and got some resources to build my test SAML identity service party:

http://www.componentpro.com/download/?name=UltimateSaml
http://www.componentpro.com/doc/saml/Introduction_to_Single_Sign-On_Applications.html

http://www.componentspace.com/Downloads.aspx

To create the private key and public key,
we can use the Visual Studio command-line tool makecert.exe, but the easiest way is to use the GUI tool from:
http://blog.pluralsight.com/selfcert-create-a-self-signed-certificate-interactively-gui-or-programmatically-in-net

First, save the RSA key to a pfx file using the selfcert tool.

Then you can import it and export it to a cer file.
You need to use the "mmc" command and add the Certificates snap-in to view the certificates.

Or you can use openssl (you need to install it first):

C:\Users\wsun>openssl pkcs12 -nokeys -clcerts -in ix.pfx -out ix.cer
Enter Import Password:
MAC verified OK


 
Categories: C# | Security | Visual studio 10/up