SAML Assertion WriteXML issue in C#

Question

I've created an instance of a SamlAssertion, and added the the authorization statement and attribute statments to it, and now I want to print out the XML so I can do an HTTP post, but not all of the assertion is being outputed. What am I missing (I'm sure it's something bone-headed)?

Here is the code I'm using:

// Add the Statements to the SAML Assertion
   samlAssert.Statements.Add(samlAuthStatement);
   samlAssert.Statements.Add(samlAttrStatement);
   MemoryStream xmlStream = new MemoryStream();
   XmlDictionaryWriter xmlWriter = XmlDictionaryWriter.CreateTextWriter(xmlStream, System.Text.Encoding.UTF8);
   SamlSerializer samlAssertSerializer = new SamlSerializer();
   WSSecurityTokenSerializer secTokenSerializer = new WSSecurityTokenSerializer();
   samlAssert.WriteXml(xmlWriter, samlAssertSerializer, secTokenSerializer);

   xmlStream.Position = 0;
   StreamReader sr = new StreamReader(xmlStream, System.Text.Encoding.UTF8);
   string AssertStr = sr.ReadToEnd();
   TextBox1.Text = AssertStr;

But All that gets returned is this:

<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="assertID" 
       Issuer="my Company" IssueInstant="2008-11-19T19:54:12.191Z" 
       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:Conditions NotBefore="2008-11-19T19:54:12.191Z" NotOnOrAfter="2008-11-19T19:59:12.191Z"/>
    <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken" 
             AuthenticationInstant="2008-11-19T19:54:12.191Z">
     <saml:Subject>
      <saml:NameIdentifier Format="cs-sstc-schema-assertion-1.1.xsd" NameQualifier="My company">xxxx</saml:NameIdentifier>
      <saml:SubjectConfirmation>
       <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
     </saml:Subject>
     <saml:SubjectLocality IPAddress="x.x.x.x"/>
     </saml:

Answer 1

I am not sure if this is directly related to your case but this might be useful information related to re-serializing a SAML token

http://blogs.msdn.com/govindr/archive/2006/10/24/re-serialize-saml-token.aspx

Answer 2

If I had one advice to give you in this case it would be: always use using statements when working with IDisposable objects such as streams. In addition to automatically flushing streams it would also free resources in case of exception:

// Add the Statements to the SAML Assertion
samlAssert.Statements.Add(samlAuthStatement);
samlAssert.Statements.Add(samlAttrStatement);

var sb = new StringBuilder();
var settings = new XmlWriterSettings 
{
    OmitXmlDeclaration = true,
    Encoding = Encoding.UTF8
};
using (var stringWriter = new StringWriter(sb))
using (var xmlWriter = XmlWriter.Create(stringWriter, settings))
using (var dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(xmlWriter))
{
    var samlAssertSerializer = new SamlSerializer();
    var secTokenSerializer = new WSSecurityTokenSerializer();
    samlAssert.WriteXml(
        dictionaryWriter, 
        samlAssertSerializer, 
        secTokenSerializer
    );
}

TextBox1.Text = sb.ToString();