Technology Matters

When I used ComponentSpace SAML2 API to process the SAML message, I got the messsage expired error. The code I used to check if the message is expired or not is: if (!samlAssertion.Conditions.IsWithinTimePeriod()) {     // Message expired } It seems the IsWithinTimePeriod() function uses the local time to compare with NotBefore and NotOnOrAfter attributes in the SAML message. Since SAML message uses UTC time for all the datetime related attributes, the  IsWithinTimePeriod() function often returns false because of the big difference between local time and UTC time. In order to check if the message is expired or not, we cannot use the IsWithinTimePeriod() function. I used following code to check the exipiration: if (!(DateTime.Now.ToUniversalTime() > samlAssertion.Conditions.NotBefore && DateTime.Now.ToUniversalTime() < samlAssertion.Conditions.NotOnOrAfter)) {      // Message expired }

When I use the new X509Certificate2(fileName, password, X509KeyStorageFlags.DefaultKeySet) to create certificate from certificate file containing private key in my web application, I got following error message: System . Security . Cryptography . CryptographicException : The system cannot find the file specified . at System . Security . Cryptography . CryptographicException . ThrowCryptogaphicException ( Int32 hr ) at System . Security . Cryptography . X509Certificates . X509Utils . _LoadCertFromBlob ( Byte [] rawData , IntPtr password , UInt32 dwFlags , Boolean persistKeySet , SafeCertContextHandle & pCertCtx ) at System . Security . Cryptography . X509Certificates . X509Certificate . LoadCertificateFromBlob ( Byte [] rawData , Object password , X509KeyStorageFlags keyStorageFlags ) at System . Security . Cryptography . X509Certificates . X509Certificate2 .. ctor ( Byte [] rawData , String password , X509KeyStorageFlags keyStorageFlags ) In orde