Asp.Net Core SAML Response Signature Validation

I'm working on a web application that needs to implement a SAML SSO using a third party idP (SP-initiated). I've reached the point where I am receiving the SAMLResponse from the idP which looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" InResponseTo="63622fa6-9a00-4d39-9c92-791c3a1efc3f" IssueInstant="2017-12-04T13:47:30Z" ID="mjmobamignjdlgkpmkiijfbknamlbkadhkjcamhp" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"></saml:Issuer>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="gkifgihgclegelojncjfgegcddfncgdaefcjgbod" IssueInstant="2017-12-04T13:47:30Z" Version="2.0">
    <ds:Signature xmlns:ds="">
        <ds:CanonicalizationMethod Algorithm=""/>
        <ds:SignatureMethod Algorithm=""/>
        <ds:Reference URI="#gkifgihgclegelojncjfgegcddfncgdaefcjgbod">
            <ds:Transform Algorithm=""/>
            <ds:Transform Algorithm=""/>
          <ds:DigestMethod Algorithm=""/>
          <ds:X509IssuerName>CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US</ds:X509IssuerName>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">C229699</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="63622fa6-9a00-4d39-9c92-791c3a1efc3f" NotOnOrAfter="2017-12-04T13:57:30Z" Recipient=""/>
    <saml:Conditions NotBefore="2017-12-04T13:42:30Z" NotOnOrAfter="2017-12-04T13:57:30Z">
    <saml:AuthnStatement AuthnInstant="2017-12-04T13:47:30Z" SessionIndex="gkifgihgclegelojncjfgegcddfncgdaefcjgbod">
      <saml:Attribute Name="UserID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">

It's a requirement that it's a manual implementation targeting netcoreapp2.0 so I have been trying to come up with the proper solution for validating the Signature value that's being provided. This doc, How to: Verify the Digital Signatures of XML Documents, was helpful in explaining some of the process but my implementation of SSO requires additional validations.

To pull the xml form from the SAML Response I have the following chunk:

var samlResponse = Request.Form["SAMLResponse"];
var toBytes = Convert.FromBase64String(samlResponse);
// The POST binding carries the Response base64-encoded; decode the bytes back to XML text.
string decodedString = Encoding.UTF8.GetString(toBytes);

Just for a quick reference without opening the above link this is what the code looks like (using my sample values/variables where applicable):

CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = "XML_DSIG_RSA_KEY";

// Create a new RSA signing key and save it in the container.
RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);

// Create a new XML document.
XmlDocument xmlDoc = new XmlDocument();

// Load the decoded SAML Response into the XmlDocument object.
// PreserveWhitespace must be set before loading or the digests will not match.
xmlDoc.PreserveWhitespace = true;
xmlDoc.LoadXml(decodedString);

// Verify the signature of the signed XML.
Console.WriteLine("Verifying signature...");
bool result = VerifyXml(xmlDoc, rsaKey);

// Display the results of the signature verification to
// the console.
if (result)
    Console.WriteLine("The XML signature is valid.");
else
    Console.WriteLine("The XML signature is not valid.");

public static Boolean VerifyXml(XmlDocument Doc, RSA Key)
{
    // Check arguments.
    if (Doc == null)
        throw new ArgumentException("Doc");
    if (Key == null)
        throw new ArgumentException("Key");

    // Create a new SignedXml object and pass it
    // the XML document class.
    SignedXml signedXml = new SignedXml(Doc);

    // Find the "Signature" node and create a new
    // XmlNodeList object.
    XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");

    // Throw an exception if no signature was found.
    if (nodeList.Count <= 0)
        throw new CryptographicException("Verification failed: No Signature was found in the document.");

    // This example only supports one signature for
    // the entire XML document.  Throw an exception
    // if more than one signature was found.
    if (nodeList.Count >= 2)
        throw new CryptographicException("Verification failed: More than one signature was found for the document.");

    // Load the first <signature> node.
    signedXml.LoadXml((XmlElement)nodeList[0]);

    // Check the signature and return the result.
    return signedXml.CheckSignature(Key);
}

UPDATE: Working solution for my manual implementation of SAML SSO in Asp.Net Core 2.0: First I have the below method named "VerifyXml" to verify the signature of the Xml document that is retrieved from the SAML Response form data. I then verify the X509 Certificate in my AccountController code as @Evk (thanks again for the help) points out that simply verifying the signature is not enough, in this case, to prevent arbitrary SAML Responses from being sent and accepted. On top of verifying those two values, in my case, I also need to validate the "InResponseTo" parameter matches the value generated by my web app (the SP) within a reasonable period of time. Generally, a login shouldn't take a long time so you could, for instance, create a task to forget AuthnRequest IDs that were generated and issued by your web app after a certain amount of time that's passed; say a minute or a time period that's applicable for you (Didn't include this code in the answer).

public static bool VerifyXml(XmlDocument Doc)
{
    // Check document isn't null.
    if (Doc == null)
        throw new ArgumentException("Doc");
    SignedXml signedXml = new SignedXml(Doc);
    var nsManager = new XmlNamespaceManager(Doc.NameTable);
    nsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
    var node = Doc.SelectSingleNode("//ds:Signature", nsManager);
    // The Signature element has to be loaded into SignedXml before it can be checked.
    signedXml.LoadXml((XmlElement)node);
    return signedXml.CheckSignature();
}

/* ******* CONTROLLER CODE ******* */
SignedXml signedXml = new SignedXml(xdoc);
var nsManager = new XmlNamespaceManager(xdoc.NameTable);
nsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
var certElement = xdoc.SelectSingleNode("//ds:X509Certificate", nsManager);
/* Convert the received X509 Certificate into a new X509Certificate2 object. */
var certReceived = new X509Certificate2(Convert.FromBase64String(certElement.InnerText));
/* Load the pre-shared X509 Certificate from the idP metadata file. I have it stored in a secure database (You DO NOT want this stored in an easily accessible place, especially for production, in the project as it contains sensitive information). */
var loadSafeCert = _context.StoredMetadata.Where(metadata => metadata.Certificate == "Certificate").FirstOrDefault();
/* Create a new X509Certificate2 using the value of the pre-defined certificate. */
var safeCertificate = new X509Certificate2(Convert.FromBase64String(loadSafeCert.ConfigurationValue));
/* Compare the received X509 Certificate value vs the pre-defined X509 Certificate value to ensure the validity. */
if (certReceived.GetPublicKeyString() == safeCertificate.GetPublicKeyString())
{ /* Store/get attributes, authenticate user, etc here */ }


  • Try to verify the signature like this (yours does not verify for me, but that might be caused by changes made while posting it here):

    public static bool VerifyXml(XmlDocument Doc) {
        if (Doc == null)
            throw new ArgumentException("Doc");
        SignedXml signedXml = new SignedXml(Doc);
        var nsManager = new XmlNamespaceManager(Doc.NameTable);
        nsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        // find signature node and load it into SignedXml
        var node = Doc.SelectSingleNode("//ds:Signature", nsManager);
        signedXml.LoadXml((XmlElement)node);
        // find certificate node
        var certElement = Doc.SelectSingleNode("//ds:X509Certificate", nsManager);
        var cert = new X509Certificate2(Convert.FromBase64String(certElement.InnerText));
        return signedXml.CheckSignature(cert);
    }

    If that doesn't work, also try the same but call

    return signedXml.CheckSignature();

    instead of

    return signedXml.CheckSignature(cert);

    Note that just verifying this signature is not enough to ensure that the response has not been tampered with. You verify the signature using the key provided in the response itself (X509Data), which means an attacker could have intercepted the response, extracted information and re-signed it with his own key, so the signature will be valid, but the key it was signed with will not be. So after extracting the certificate (or you can use the signedXml.CheckSignatureReturningKey method to get the public key related to the signature) you need to verify that it's valid and that it's the certificate you are expecting (for example by comparing its hash with the hash of the certificate you expect).
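Putting the two points together (the answer's warning that the embedded certificate cannot be trusted, and the asker's note about matching InResponseTo within a short window), here is an added example, not code from either poster: it verifies the signature directly with the pre-shared IdP certificate via CheckSignature(cert, true), checks that the single signed Reference covers the Assertion that actually contains the Signature, and consumes the AuthnRequest ID so the same response cannot be accepted twice. The class name, the _pending store and the lifetime parameter are assumptions; on netcoreapp2.0 it needs the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example, not the poster's code: validates a SAML Response with the pre-shared IdP certificate.
public sealed class SamlResponseValidator
{
    // AuthnRequest IDs this SP issued, mapped to the instant they expire (assumed in-memory store).
    private readonly ConcurrentDictionary<string, DateTime> _pending = new ConcurrentDictionary<string, DateTime>();
    private readonly X509Certificate2 _idpCert;   // loaded from IdP metadata, never from the response
    private readonly TimeSpan _requestLifetime;   // how long a login may take, e.g. one minute

    public SamlResponseValidator(X509Certificate2 idpCert, TimeSpan lifetime) { _idpCert = idpCert; _requestLifetime = lifetime; }

    // Call when the SP issues an AuthnRequest; expired IDs are pruned on each call.
    public void RegisterRequest(string id)
    {
        var now = DateTime.UtcNow;
        foreach (var kv in _pending) if (kv.Value < now) _pending.TryRemove(kv.Key, out _);
        _pending[id] = now.Add(_requestLifetime);
    }

    public bool Validate(XmlDocument doc)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        // 1. Exactly one Assertion and exactly one Signature, and the Signature is the Assertion's child.
        var assertion = doc.SelectSingleNode("/samlp:Response/saml:Assertion", ns) as XmlElement;
        var sigs = doc.SelectNodes("//ds:Signature", ns);
        if (assertion == null || sigs.Count != 1 || sigs[0].ParentNode != assertion) return false;
        // 2. The single Reference must point at that Assertion's own ID, not at some other element.
        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml((XmlElement)sigs[0]);
        if (signedXml.SignedInfo.References.Count != 1) return false;
        if (((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + assertion.GetAttribute("ID")) return false;
        // 3. Verify with the trusted certificate; the KeyInfo shipped in the response is ignored.
        if (!signedXml.CheckSignature(_idpCert, true)) return false;
        // 4. InResponseTo must match an outstanding, unexpired request ID; remove it so it cannot be replayed.
        if (!_pending.TryRemove(doc.DocumentElement.GetAttribute("InResponseTo"), out var expiresAt) || expiresAt < DateTime.UtcNow) return false;
        // 5. Honour the Conditions validity window.
        var cond = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement;
        if (cond == null || !cond.HasAttribute("NotBefore") || !cond.HasAttribute("NotOnOrAfter")) return false;
        var now = DateTime.UtcNow;
        return XmlConvert.ToDateTime(cond.GetAttribute("NotBefore"), XmlDateTimeSerializationMode.Utc) <= now
            && now < XmlConvert.ToDateTime(cond.GetAttribute("NotOnOrAfter"), XmlDateTimeSerializationMode.Utc);
    }
}
```

Because the certificate comes from configuration rather than from the response, the separate GetPublicKeyString comparison in the controller is no longer needed; the Recipient and Issuer checks are still worth adding for the real deployment.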