SignedXml.CheckSignature fails in .NET 4 but it works in .NET 3.5, 3 or 2

Question

I have a response from a 3-rd party web service. I load an XmlDocument with that response.

  string txt = readStream.ReadToEnd();
  response = new XmlDocumen         


        

Answer 1

I had the same problem but none of those answers helped me. In this case it works or not depending on the operative system I used, not on the .Net version.

I've enabled the SignedXML log by adding this code in the app.config to see what happened behind:

It wrote this particular line:

System.Security.Cryptography.Xml.SignedXml Information: 17 : [SignedXml#033ec00f, UnsafeTransformMethod] Canonicalization method "http://www.w3.org/TR/1999/REC-xpath-19991116" is not on the safe list. Safe canonicalization methods are: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments", "http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2000/09/xmldsig#base64", "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform", "http://www.w3.org/2002/07/decrypt#XML".

I found this Microsoft Support article which tries to fix an error introduced by the security update 3141780: https://support.microsoft.com/en-us/kb/3148821

Into that article, in Scenario 2 section, there are 2 solutions, I fixed the problem applying the registry key related to the XPath Transform Method: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\Security\SafeTransformMethods@XmlDsigXPathTransform=http://www.w3.org/TR/1999/REC-xpath-19991116