In the previous post, I showed how to verify XML digital signature using SignedXml object from namespace System.Security.Cryptography.Xml. However that method could only verify signatures signed by .Net and fails to verify a valid signature signed via front end using Javascript or a valid signature with custom transform nodes.
Chilkat is not a free library but it provides the ability to verify XML digital signature with any custom transformations.
Below is the same method with using Chilkat
public bool VerifyXmlDSigValue(string value)
{
var xmlDoc = new XmlDocument();
xmlDoc.LoadXml(value);
var verifier = new Chilkat.XmlDSig();
var success = verifier.LoadSignature(xmlDoc.InnerXml);
if (!success)
throw new Exception($"Chilkat error: {verifier.LastErrorText}");
var numSig = verifier.NumSignatures;
if (numSig == 0)
throw new InvalidOperationException("No signatures found");
for (int i = 0; i < numSig; i++)
{
verifier.Selector = i;
var verified = verifier.VerifySignature(true);
if (!verified)
return false;
}
return true;
}