So, the problem is how to sign a message using a personal certificate on Australia's Medicare iKey in a browser and being able to verify the signature in a web app. Well, it is more complicated than that but this was the basic problem to start with.
The signing part was relatively simple PKCS#11 using an applet example from Svetlin Nakov (http://www.nakov.com) - the iKey is a SafeNet one (Medicare use a smart card, the 2032, 3000 and 1000 (?) iKey) and comes with a PKCS#11 driver (dkck20.dll).
Note: I did find that the SHA1withRSA didn't work and I used MD5withRSA instead.
The issue was how to verify the signature in C#. I had the X509 public key from the iKey (or you can get it from the Healthcare Public Directory). Searching for how to initialise the RSA Cryptographic Provider from the X509 certificate took me forever until I hit the magic sequence of terms and it turned out to be surprisingly simple. In .Net 35 there is a class X509Certificate2 which can be initialised from the path name for the public key.
A property of the class, PublicKey.Key gives you an initialised RSACryptoServiceProvider which can then be used to verify the data (specifying MD5 as the hashing algorithm).