Problems with SignedXML in .NET

I am trying to sign a XML document using a Digital Signature. I have the certificate installed and the output seems to resemble the specification (EXCEPT the Namespace, which it seems is something I am not able to touch in .NET), however I am unable to get the WebService I am sending this to accept this, and it returns with the Error:

VerifyXml: Verification failed: Signature is not valid

I am NOT in control of this WebService and the supplier of this service claims that other people have no problem with this WebService.

I have also tried using this verification tool:

Which returns with the error: data do not match:signature do not match, ergo, I think I am doing something wrong.

My code looks like this:

X509Store store = new X509Store(StoreName.My);
X509Certificate2 cert = store.Certificates.Find(X509FindType.FindByThumbprint, "xxxxxx",

XmlDocument xmlDoc = new XmlDocument();
XmlNamespaceManager namespaces = new XmlNamespaceManager(xmlDoc.NameTable);
namespaces.AddNamespace("ns", "xxxx");

xmlDoc.PreserveWhitespace = false;
xmlDoc.Load(new XmlTextReader("C:\\Development\\testheader.xml"));

SignedXml signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = cert.PrivateKey;

Reference reference = new Reference();
reference.Uri = "";

XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();

XmlDsigC14NTransform c14n = new XmlDsigC14NTransform();


KeyInfo keyInfo = new KeyInfo();
keyInfo.AddClause(new KeyInfoX509Data(cert));

signedXml.KeyInfo = keyInfo;


XmlNode parentNode = xmlDoc.SelectSingleNode("/ns:TopLevelNode", namespaces);
parentNode.InsertAfter(xmlDoc.ImportNode(signedXml.GetXml(), true),

if (xmlDoc.FirstChild is XmlDeclaration)

XmlTextWriter xmltw = new XmlTextWriter("C:\\Development\\test2.xml",
    new UTF8Encoding(false));

I have tried validating the SignedXML in .NET and this seems to validate, but since it is the language it is written in, I am not putting to much trust in this.

My specification looks like this:

<Signature xmlns="NonStandard">
    <CanonicalizationMethod Algorithm="" />
    <SignatureMethod Algorithm="" />
    <Reference URI="">
        <Transform Algorithm="" />
        <Transform Algorithm="" />
      <DigestMethod Algorithm="" />

Am I doing something obviously wrong? I am unsure of how important the Namespace is with regards to signing the XML, but since this seems to be a .NET "set in stone", I doubt this could be it?


  • The above code works as intended, just if anyone wants to know how to sign XML (other than the numerous examples there already are). There was a problem with the WebService.

