How to externally sign a PDF document using ASP.NET Core
Syncfusion Essential® PDF is a feature-rich and high-performance .NET PDF library used to create, read, and edit PDF documents programmatically without Adobe dependencies. This library also offers functionality to merge, split, stamp, form, compress, and secure PDF files. You can externally sign a PDF document using ASP.NET Core using this library.
Steps to externally sign a PDF document:
1. Create a new C# ASP.NET Core Web application project.
2. Enable the docker support and select the target OS as Linux.
3. Install the Syncfusion.Pdf.Net.Core and System.Security.Cryptography.OpenSsl NuGet packages as a reference to your .NET Core project from NuGet.org.
4. Add a new button (Create Document) in the Index.cshtml as shown in the following image.
@{Html.BeginForm("CreateDocument", "Home", FormMethod.Get);
{
<div>
<input type="submit" value="Create Document" style="width:150px;height:27px" />
</div>
}
Html.EndForm();
}
5. Include the following namespaces in the HomeController.cs file.
using Syncfusion.Drawing; using Syncfusion.Pdf; using Syncfusion.Pdf.Security; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using Syncfusion.Pdf.Parsing;
6. Add the following code sample to externally sign a PDF document
C#
string filePath = Path.Combine(_hostingEnvironment.ContentRootPath, "Data/PDF.pfx");
//Creates a new PDF document.
PdfDocument document = new PdfDocument();
//Creating the stream object.
MemoryStream stream = new MemoryStream();
//Save a document as a stream.
document.Save(stream);
//Close a document.
document.Close(true);
PdfLoadedDocument loadedDocument = new PdfLoadedDocument(stream);
//Creates a digital signature.
PdfSignature signature = new PdfSignature(loadedDocument, loadedDocument.Pages[0], null, "Signed");
//Creates a certificate instance from the PFX file with a private key.
X509Certificate2 digitalId = new X509Certificate2(filePath, "password123");
X509Chain chain = new X509Chain();
chain.Build(digitalId);
List<X509Certificate2> certificates = new List<X509Certificate2>();
for (int i = 0; i < chain.ChainElements.Count; i++)
{
certificates.Add(chain.ChainElements[i].Certificate);
}
//Sets the signature information.
signature.EnableLtv = true;
signature.AddExternalSigner(new ExternalSigner(digitalId), certificates, null);
signature.TimeStampServer = new TimeStampServer(new Uri("http://timestamp.entrust.net/TSS/RFC3161sha2TS"));
signature.EnableLtv = true;
signature.Settings.CryptographicStandard = CryptographicStandard.CADES;
signature.Settings.DigestAlgorithm = DigestAlgorithm.SHA256;
signature.Bounds = new RectangleF(0, 0, 200, 100);
MemoryStream memorystream = new MemoryStream();
loadedDocument.Save(memorystream);
//Set the position as '0.'
memorystream.Position = 0;
//Download a PDF document in a browser.
FileStreamResult fileStreamResult = new FileStreamResult(memorystream, "application/pdf");
fileStreamResult.FileDownloadName = "Sample.pdf";
return fileStreamResult;
internal class ExternalSigner : IPdfExternalSigner
{
public string HashAlgorithm => "SHA256";
X509Certificate2 digitalID;
public ExternalSigner(X509Certificate2 certificate)
{
digitalID = certificate;
}
public byte[] Sign(byte[] message, out byte[] timeStampResponse)
{
byte[] signedBytes = null;
//This condition is based on the provided certificate private key.
if (digitalID.PrivateKey is RSACng)
{
Console.WriteLine("RSACng");
RSACng rsa = (RSACng)digitalID.PrivateKey;
signedBytes = rsa.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
else if (digitalID.PrivateKey is RSACryptoServiceProvider)
{
Console.WriteLine("RSACryptoServiceProvider");
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)digitalID.PrivateKey;
signedBytes = rsa.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
else if (digitalID.PrivateKey is RSAOpenSsl
{
Console.WriteLine("RSAOpenSsl");
RSAOpenSsl rsa = (RSAOpenSsl)digitalID.PrivateKey;
signedBytes = rsa.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
timeStampResponse = null;
return signedBytes;
}
}
Build and run the application in Docker. It will pull the Linux docker image from the docker hub. After that, the webpage will be opened in a browser. Click the Create PDF button to sign a PDF document from the Linux docker externally.
By executing the program, you will get the PDF document as follows.
A complete work sample to sign a PDF document in the Linux docker container externally can be downloaded from CreatePdfSignatureSample.Zip.
Take a moment to peruse the documentation. You can find other options like drawing right-to-left and multi-column text, consuming TrueType, Standard, and CJK fonts. Also, the features like PDF form filling, extracting text or images from PDF and protecting PDF documents with code examples.
Click here to explore a rich set of Syncfusion Essential® PDF features.
Note:
A new version of Essential Studio® for ASP.NET is available. Versions prior to the release of Essential Studio® 2014, Volume 2 will now be referred to as classic versions. The new ASP.NET suite is powered by Essential Studio for JavaScript, providing client-side rendering of HTML5-JavaScript controls, offering better performance, and better support for touch interactivity. The new version includes all the features of the old version, so migration is easy.
The Classic controls can be used in existing projects; however, if you are starting a new project, we recommend using the latest version of Essential Studio® for ASP.NET. Although Syncfusion® will continue to support all Classic Versions, we are happy to assist you in migrating to the newest edition.
For current customers, you can check out our components from the License and Downloads page. If you are new to Syncfusion®, you can try our 30-day free trial to check out our other controls. If you have any queries or require clarifications, please let us know in the comments section below.
You can also contact us through our support forums or feedback portal. We are always happy to assist you!
