Can I verify an XML Signature from within a sandbox?
https://stackoverflow.com/questions/7843058
-
10-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have some code that retrieves some xml then tries to verify the xml signature. According to this post, the verification method of the SignedXml type requires full trust to perform xml signature verification. As my code needs to run in a sandbox, I do not have full trust and therefore a security exception is being thrown.
If this is the case, then are there other ways to verify an xml signature (preferably without needing to purchase 3rd party software)?
Solution
It seems that this is not possible. My work-around was to avoid relying on signed xml and add a hash. This is far less secure but the best I could do without utilizing any full-trust code.
OTHER TIPS
I think there is a way to do this if you don't need to use an XmlResolver.
The MSDN docs say "In version 1.1 of the.NET Framework, the caller must be fully trusted in order to specify an XmlResolver.". I'm running in a medium trust environment with .NET 4.5 and I can successfully set XmlResolver. Since I knew I would never need to resolve any external references in my XML document (explanation of what this means here) I was OK to set the SignedXml.Resolver to null. In my case this fixed the problem and allowed use of SignedXml in a shared hosting environment (GoDaddy).
Note if you wanted to use SecureXmlResolver you would need FullTrust.
