>Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
>news:eC**************@TK2MSFTNGXA01.phx.gbl...
Hello again, Steven
As for the string length changing issue you mentioned here, would you
provide some further information about the client and server-side code
logic on how you pass the string into webservice message and where did you
check the string length?
So, I read an xml file from disk with this code:
Dim file As IO.TextReader = IO.File.OpenText(f)
Dim command As New LoadLogCommand
command.Content = file.ReadToEnd()
command.ContentOffset = 0
command.OriginalName = IO.Path.GetFileName(f)
command.TotalSize = command.Content.Length
The problem is with "Content". My LoadLogCommand inserts the code in an xml
document, with this internal sub:
Public Overrides Sub WriteXml(ByVal writer As System.Xml.XmlTextWriter)
writer.WriteStartElement("LoadLog")
writer.WriteElementString("OriginalName", Me.OriginalName)
writer.WriteElementString("ContentOffset", Me.ContentOffset.ToString)
writer.WriteElementString("Content", Me.Content)
writer.WriteElementString("TotalSize", Me.TotalSize.ToString)
writer.WriteEndElement() ' ActivityLog
End Sub
Then, the xml code is loaded to a webservice as a string parameter. The
signature is calculated on the string that contains the xml, with this code:
Dim rsa As New System.Security.Cryptography.RSACryptoServiceProvi der
rsa.FromXmlString(xmlKey)
Return rsa.SignData(Text.Encoding.UTF8.GetBytes(_xmlCache ), New
Security.Cryptography.SHA1CryptoServiceProvider)
The signature is passed to the webservice as an other byte() parameter.
The webservice gets the xml and the signature, and checks the signature with
this code:
Dim rsa As New System.Security.Cryptography.RSACryptoServiceProvi der
rsa.FromXmlString(xmlKey)
Dim hashAlg As New Security.Cryptography.SHA1CryptoServiceProvider
Return rsa.VerifyData(Text.Encoding.UTF8.GetBytes(xmlPack et), hashAlg,
signature)
This test fails because the xml I signed, and the xml I received, have
different length.
I noticed this, if can help you: I upload xml files created from .NET with
xml namespace's objects. These file work. Now I've opened a file with MS
Word, changed a value, saved it. This doesn't work, because the signature is
not validated.
Also, as you mentioned that you're added signing on the string, would you
also provide the code about how to sign the string? You can also test the
behavior by passing the string without performing any signing or encyption
against the SOAP message to see what happens.
It is the same. SOAP message is not encrypted, and the xml string and the
signature are passed as two distinct parameters.
Based on my experience, if the value remains the same on both side, it is
likely that the xml encoding make the string lengh different. For example,
for string that passed through SOAP message(xml document), those
particular
chars like (<, , / .... ) maybe html encoded to their escaped format
(like <, &rt; ....). So is there any paricular strings in the one
which raise the problem? You can test the behavior through different
string
contents.
Yes, the are xml documents so I think it's something related to this. But I
can't understant what is the problem, and why some xml files work, and some
others doesn't. The problem howevere is sure with the xml loaded from disk,
because if I remove it and I upload only the general xml (that is the xml I
create at runtime, where the xml loaded from disk is only the
\LoadLog\Content node ), upload works always.
thank you
