How do I call Amazon's Book API in C#? - c#

I am trying to query Amazon's Web Service (AWS) Books API in C#. I read the related posts on Stackoverflow with no luck. I still get the error: "The remote server returned an error: (403) Forbidden". I encoded all +'s and ='s. What am I doing wrong here please?
public const string ACCESSKEY = "xxxxx"; // Replace with Actual Access Key
public const string SECRETKEY = "zzzzz"; // Replace with Actual Secret Key
public void ProcessRequest(HttpContext context)
{
string ts = DateTime.UtcNow.ToString("s");
string url = "http://webservices.amazon.com/onca/xml?";
string req = "AWSAccessKeyId=" + ACCESSKEY + "&Condition=All&IdType=ASIN&ItemId=B00008OE6I&Operation=ItemLookup&ResponseGroup=OfferFull&Service=AWSECommerceService";
req = req + "&Timestamp=" + URLEncode(ts + "Z").ToUpper();
string s = "GET\nwebservices.amazon.com\n/onca/xml\n" + req;
Util.Write(s);
Util.Write("");
string hash = HashString(s);
req = req + "&Signature=" + hash;
url = url + req;
Util.Write(url);
Util.Write("");
string blob = XGetBlobAtURL(url);
Util.Write(blob);
}
private string URLEncode(string s)
{
return(HttpContext.Current.Server.UrlEncode(s));
}
private string XGetBlobAtURL(string url, string useragent = "")
{
string blob = "";
try
{
WebClient wc = new WebClient();
if (!Util.IsEmpty(useragent)) { wc.Headers["User-Agent"] = useragent; }
blob = wc.DownloadString(url);
wc.Dispose();
}
catch(Exception e)
{
Util.Write(e.ToString());
}
return (blob);
}
private string HashString(string s)
{
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(URLEncode(SECRETKEY));
HMACSHA256 hmasha256 = new HMACSHA256(keyByte);
byte[] messageBytes = encoding.GetBytes(s);
byte[] hashmessage = hmasha256.ComputeHash(messageBytes);
string s2 = ByteToString(hashmessage);
return (URLEncode(s2));
}
private string ByteToString(byte[] buff)
{
string sbinary = "";
for (int i = 0; i < buff.Length; i++)
{
sbinary += buff[i].ToString("X2"); // hex format
}
return (sbinary);
}

Solution by OP.
I figured out what I was doing wrong. I had to: Base64 encode the HMASHA256 hash, add missing fields on the query string to Amazon's Book API, and uppercase the URLEncoded %XX without uppercasing the rest of the string. The code posted below now works and matches Amazon's documentation at: http://docs.aws.amazon.com/AWSECommerceService/latest/DG/rest-signature.html
public const string ACCESSKEY = "xxxxx";
public const string SECRETKEY = "zzzzz";
public const string TAG = "ccccc";
private XmlDocument XML;
public void ProcessRequest(HttpContext context)
{
string ts = DateTime.UtcNow.ToString("s");
string url = "http://webservices.amazon.com/onca/xml?";
string req = "AWSAccessKeyId=" + ACCESSKEY + "&AssociateTag=" + TAG;
// Search by ISBN:
req = req + "&Condition=All&IdType=ISBN&ItemId=0596004923&Operation=ItemLookup&ResponseGroup=Small&SearchIndex=Books&Service=AWSECommerceService";
string tsq = "&Timestamp=" + URLEncode(ts + "Z").ToUpper();
string s = "GET\nwebservices.amazon.com\n/onca/xml\n" + req + tsq;
string hash = HashString(s);
req = req + tsq + "&Signature=" + hash;
url = url + req;
ReadXML(url);
WriteXML();
}
private void ReadXML(string url)
{
XML = new XmlDocument();
XML.Load(url);
}
private void WriteXML()
{
HttpContext.Current.Response.Clear();
HttpContext.Current.Response.ContentType = "text/xml";
HttpContext.Current.Response.CacheControl = "no-cache";
HttpContext.Current.Response.Write(XML.OuterXml);
HttpContext.Current.Response.End();
}
private string UCaseUrlEncode(string s)
{
char[] x = HttpUtility.UrlEncode(s).ToCharArray();
for (int i = 0; i < x.Length - 2; i++)
{
if (x[i] == '%')
{
x[i+1] = char.ToUpper(x[i+1]);
x[i+2] = char.ToUpper(x[i+2]);
}
}
return new string(x);
}
private string URLEncode(string s)
{
return(HttpContext.Current.Server.UrlEncode(s));
}
private string URLDecode(string s)
{
return (HttpContext.Current.Server.UrlDecode(s));
}
private string HashString(string s)
{
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(SECRETKEY);
byte[] messageBytes = encoding.GetBytes(s);
HMACSHA256 hmasha256 = new HMACSHA256(keyByte);
byte[] hashmessage = hmasha256.ComputeHash(messageBytes);
return (UCaseUrlEncode(Convert.ToBase64String(hashmessage)));
}
private string ByteToString(byte[] buff)
{
string sbinary = "";
for (int i = 0; i < buff.Length; i++)
{
sbinary += buff[i].ToString("X2"); // hex format
}
return (sbinary);
}

Related

Orderhive AWS4 Signature not match

I'm tring to connect to AWS4 Signature method for authentication.
(https://orderhive.docs.apiary.io/#introduction/api-requirements/end-point)
My id_token and refresh_token retreive the access_key_id, secret_key, and session_token.
But when I try to retreive some information like the warehouse, I receive each time:
"message":"The request signature we calculated does not match the
signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details.
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20211217T160055Z
20211217/us-east-1/execute-api/aws4_request
8e3dbc663f97508406c4825b74a647765022ae021fa224754701722b7bcf2288'
And I am using this code like others have done before me in some example.
public const string SCHEME = "AWS4";
public const string ALGORITHM = "HMAC-SHA256";
public const string TERMINATOR = "aws4_request";
public const string ISO8601BasicFormat = "yyyyMMddTHHmmssZ";
public const string DateStringFormat = "yyyyMMdd";
public const string X_Amz_Date = "X-Amz-Date";
public const string RegionName = "us-east-1";
public const string ServiceName = "execute-api";
public const string ContentType = "application/json";
public const string SignedHeaders = "content-type;host;id_token;x-amz-date;x-amz-security-token";
public const string X_Amz_Content_SHA256 = "X-Amz-Content-SHA256";
private Account account;
public void GetWarehouse()
{
try
{
WebRequest webRequest = RequestGet("/setup/warehouse", "", "");
using (WebResponse response = webRequest.GetResponse())
{
StreamReader responseReader = new StreamReader(response.GetResponseStream());
string jsonResponse = responseReader.ReadToEnd();
}
}
catch (Exception ex)
{}
}
public WebRequest RequestGet(string canonicalUri, string canonicalQueriString, string jsonString)
{
string hashedRequestPayload = CreateRequestPayload("");
string authorization = Sign(hashedRequestPayload, "GET", canonicalUri, canonicalQueriString);
string requestDate = DateTime.UtcNow.ToString(ISO8601BasicFormat, CultureInfo.InvariantCulture);
WebRequest webRequest = WebRequest.Create("https://" + Host + canonicalUri);
webRequest.Method = "GET";
webRequest.ContentType = ContentType;
webRequest.Headers.Add("id_token", account.id_token);
webRequest.Headers.Add("X-Amz-Security-Token", account.session_token);
webRequest.Headers.Add(X_Amz_Date, requestDate);
webRequest.Headers.Add("Authorization", authorization);
webRequest.Headers.Add(X_Amz_Content_SHA256, hashedRequestPayload);
return webRequest;
}
private string Sign(string hashedRequestPayload, string requestMethod, string canonicalUri, string canonicalQueryString)
{
var currentDateTime = DateTime.UtcNow;
var accessKey = account.access_key_id;
var secretKey = account.secret_key;
var dateStamp = currentDateTime.ToString(DateStringFormat);
var requestDate = currentDateTime.ToString(ISO8601BasicFormat, CultureInfo.InvariantCulture);
var credentialScope = string.Format("{0}/{1}/{2}/{3}", dateStamp, RegionName, ServiceName, TERMINATOR);
var headers = new SortedDictionary<string, string> {
{ "content-type", ContentType },
{ "host", Host },
{ X_Amz_Date, requestDate.ToString() }
};
string canonicalHeaders = string.Join("\n", headers.Select(x => x.Key.ToLowerInvariant() + ":" + x.Value.Trim())) + "\n";
// Task 1: Create a Canonical Request For Signature Version 4
string canonicalRequest = requestMethod + "\n" + canonicalUri + "\n" + canonicalQueryString + "\n" + canonicalHeaders + "\n" + SignedHeaders + "\n" + hashedRequestPayload;
Console.WriteLine("\nCanonicalRequest:\n{0}", canonicalRequest);
string hashedCanonicalRequest = HexEncode(Hash(ToBytes(canonicalRequest)));
// Task 2: Create a String to Sign for Signature Version 4
string stringToSign = SCHEME + "-" + ALGORITHM + "\n" + requestDate + "\n" + credentialScope + "\n" + hashedCanonicalRequest;
Console.WriteLine("\nStringToSign:\n{0}", stringToSign);
// Task 3: Calculate the AWS Signature Version 4
byte[] signingKey = GetSignatureKey(secretKey, dateStamp, RegionName, ServiceName);
string signature = HexEncode(HmacSHA256(stringToSign, signingKey));
Console.WriteLine("\nSignature:\n{0}", signature);
// Task 4: Prepare a signed request
// Authorization: algorithm Credential=access key ID/credential scope, SignedHeadaers=SignedHeaders, Signature=signature
string authorization = string.Format("{0} Credential={1}/{2}/{3}/{4}/{5}, SignedHeaders={6}, Signature={7}", SCHEME + "-" + ALGORITHM, accessKey, dateStamp, RegionName, ServiceName, TERMINATOR, SignedHeaders, signature);
Console.WriteLine("\nAuthorization:\n{0}", authorization);
return authorization;
}
private byte[] GetSignatureKey(string key, string dateStamp, string regionName, string serviceName)
{
byte[] kSecret = Encoding.UTF8.GetBytes(("AWS4" + key).ToCharArray());
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256(TERMINATOR, kService);
return kSigning;
}
static byte[] HmacSHA256(String data, byte[] key)
{
string algorithm = "HmacSHA256";
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(algorithm);
kha.Key = key;
return kha.ComputeHash(Encoding.UTF8.GetBytes(data));
}
private static byte[] ToBytes(string str)
{
return Encoding.UTF8.GetBytes(str.ToCharArray());
}
private static byte[] Hash(byte[] bytes)
{
return SHA256.Create().ComputeHash(bytes);
}
private static string HexEncode(byte[] bytes)
{
return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}
Anyone have any idea what I'm doing wrong?
Thank you!
Finally, I changed my Sign method by this:
public async Task<HttpRequestMessage> Sign(HttpRequestMessage request, string service, string region, TimeSpan? timeOffset = null)
{
if (!IsValidRequest(request, service, region))
throw new Exception("Invalid request!");
if (request.Headers.Host == null)
{
request.Headers.Host = request.RequestUri.Host;
}
var payloadHash = await GetPayloadHash(request.Content);
if (request.Headers.Contains("x-amz-content-sha256") == false)
request.Headers.Add("x-amz-content-sha256", payloadHash);
if (request.Headers.Contains("x-amz-security-token") == false)
request.Headers.Add("x-amz-security-token", Account.session_token);
var t = DateTimeOffset.UtcNow;
if (timeOffset.HasValue)
t = t.Add(timeOffset.Value);
var amzDate = t.ToString(ISO8601BasicFormat);
var dateStamp = t.ToString(DateStringFormat);
request.Headers.Add("x-amz-date", amzDate);
var canonicalUri = string.Join("/", request.RequestUri.AbsolutePath.Split('/').Select(Uri.EscapeDataString));
var canonicalQueryParams = GetCanonicalQueryParams(request);
var signedHeadersList = new List<string>();
var canonicalHeaders = new StringBuilder();
foreach (var header in request.Headers.OrderBy(a => a.Key.ToLowerInvariant(), StringComparer.OrdinalIgnoreCase))
{
var headerValue = (header.Key == "Host") ? EndPoint : string.Join(",", header.Value.Select(s => s.Trim()));
canonicalHeaders.Append($"{header.Key.ToLowerInvariant()}:{headerValue}\n");
signedHeadersList.Add(header.Key.ToLowerInvariant());
}
var signedHeaders = string.Join(";", signedHeadersList);
string canonicalRequest = $"{request.Method}\n{canonicalUri}\n{canonicalQueryParams}\n{canonicalHeaders}\n{signedHeaders}\n{payloadHash}";
string hashedCanonicalRequest = Hash(Encoding.UTF8.GetBytes(canonicalRequest.ToString()));
var credentialScope = $"{dateStamp }/{region}/{service}/{Terminator}";
var signingKey = GetSignatureKey(Account.secret_key, dateStamp, region, service);
var stringToSign = $"{AWS4AlgorithmTag}\n{amzDate}\n{credentialScope}\n{hashedCanonicalRequest}";
var signature = ToHexString(HmacSha256(signingKey, stringToSign));
string authorization = $"{AWS4AlgorithmTag} Credential={Account.access_key_id}/{credentialScope}, SignedHeaders={signedHeaders}, Signature={signature}";
request.Headers.TryAddWithoutValidation("Authorization", authorization);
return request;
}
Now it's working perfectly. A thing really important is: In test, the Host need to be the good on, https://api.orderhive.com/. The problem of my previous question is, when I build the header, for an obscure reason, he have something wrong when the AWS calcule the signature. Hope this helps others who encounter this problem.

AWS Signature v4 key value store KVS in C#

I'm trying to integrate "Signing AWS Requests with Signature Version 4" in C#. Unfortunately, Amazon has not given much detail into implementation in C#. I've tried my luck in implementing. But its throwing this error Message
"The remote server returned an error: (403) Forbidden.
Note: I've got this working on Postman. But not able to make it work in C#.
Error receiving: Message = "The remote server returned an error: (403) Forbidden.
I've used this documentation for signing https://docs.amazonaws.cn/en_us/general/latest/gr/sigv4_signing.html
public WebRequest RequestPost(string canonicalUri, string canonicalQueriString, string jsonString)
{
string hashedRequestPayload = CreateRequestPayload(jsonString);
string authorization = Sign(hashedRequestPayload, "PUT", canonicalUri, canonicalQueriString);
string requestDate = DateTime.ParseExact(DateTime.UtcNow.ToString(), "YYYYMMDD'T'HHMMSS'Z'", CultureInfo.InvariantCulture).ToString();
WebRequest webRequest = WebRequest.Create(canonicalUri + canonicalQueriString);
webRequest.Method = "PUT";
webRequest.ContentType = ContentType;
webRequest.Headers.Add("X-Amz-date", requestDate);
webRequest.Headers.Add("Authorization", authorization);
webRequest.Headers.Add("x-amz-content-sha256", hashedRequestPayload);
webRequest.ContentLength = jsonString.Length;
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] data = encoding.GetBytes(jsonString);
Stream newStream = webRequest.GetRequestStream();
newStream.Write(data, 0, data.Length);
using (WebResponse response = webRequest.GetResponse())
{
StreamReader responseReader = new StreamReader(response.GetResponseStream());
var responseJson = responseReader.ReadToEnd();
}
return webRequest;
}
const string RegionName = "eu-west-1"; //This is the regionName
const string ServiceName = "execute-api";
const string Algorithm = "AWS4-HMAC-SHA256";
const string ContentType = "application/json";
const string Host = "<hostname>";
const string SignedHeaders = "content-type;host;x-amz-content-sha256;x-amz-date";
private static string CreateRequestPayload(string jsonString)
{
//Here should be JSON object of the model we are sending with POST request
//var jsonToSerialize = new { Data = String.Empty };
//We parse empty string to the serializer if we are makeing GET request
//string requestPayload = new JavaScriptSerializer().Serialize(jsonToSerialize);
string hashedRequestPayload = HexEncode(Hash(ToBytes(jsonString)));
return hashedRequestPayload;
}
private static string Sign(string hashedRequestPayload, string requestMethod, string canonicalUri, string canonicalQueryString)
{
var currentDateTime = DateTime.UtcNow;
var accessKey = "";
var secretKey = "";
var dateStamp = currentDateTime.ToString("yyyyMMdd");
//var requestDate = currentDateTime.ToString("YYYYMMDD'T'HHMMSS'Z");
var requestDate = DateTime.ParseExact(currentDateTime.ToString(), "YYYYMMDD'T'HHMMSS'Z'", CultureInfo.InvariantCulture);
var credentialScope = string.Format("{0}/{1}/{2}/aws4_request", dateStamp, RegionName, ServiceName);
var headers = new SortedDictionary<string, string> {
{ "content-type", ContentType },
{ "host", Host },
{ "x-amz-date", requestDate.ToString() }
};
string canonicalHeaders = string.Join("\n", headers.Select(x => x.Key.ToLowerInvariant() + ":" + x.Value.Trim())) + "\n";
// Task 1: Create a Canonical Request For Signature Version 4
string canonicalRequest = requestMethod + "\n" + canonicalUri + "\n" + canonicalQueryString + "\n" + canonicalHeaders + "\n" + SignedHeaders + "\n" + hashedRequestPayload;
string hashedCanonicalRequest = HexEncode(Hash(ToBytes(canonicalRequest)));
// Task 2: Create a String to Sign for Signature Version 4
string stringToSign = Algorithm + "\n" + requestDate + "\n" + credentialScope + "\n" + hashedCanonicalRequest;
// Task 3: Calculate the AWS Signature Version 4
byte[] signingKey = GetSignatureKey(secretKey, dateStamp, RegionName, ServiceName);
string signature = HexEncode(HmacSha256(stringToSign, signingKey));
// Task 4: Prepare a signed request
// Authorization: algorithm Credential=access key ID/credential scope, SignedHeadaers=SignedHeaders, Signature=signature
string authorization = string.Format("{0} Credential={1}/{2}/{3}/{4}/aws4_request, SignedHeaders={5}, Signature={6}",
Algorithm, accessKey, dateStamp, RegionName, ServiceName, SignedHeaders, signature);
return authorization;
}
private static byte[] GetSignatureKey(string key, string dateStamp, string regionName, string serviceName)
{
byte[] kDate = HmacSha256(dateStamp, ToBytes("AWS4" + key));
byte[] kRegion = HmacSha256(regionName, kDate);
byte[] kService = HmacSha256(serviceName, kRegion);
return HmacSha256("aws4_request", kService);
}
private static byte[] ToBytes(string str)
{
return Encoding.UTF8.GetBytes(str.ToCharArray());
}
private static string HexEncode(byte[] bytes)
{
return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}
private static byte[] Hash(byte[] bytes)
{
return SHA256.Create().ComputeHash(bytes);
}
private static byte[] HmacSha256(string data, byte[] key)
{
return new HMACSHA256(key).ComputeHash(ToBytes(data));
}
I had the same problem , the solution is using RestClient rather than HttpClient or WebRequest .
Would you be willing to use the HttpClient instead of WebRequest? In that case I have created a NuGet package called AwsSignatureVersion4 which has been verified to work with the AWS API Gateway.

typo3 login with c# webclient

I need to do some web-scraping from a C# console application. The site is using typo3. I need some help to login, specifically at RSA encryption used by typo3 extension (/typo3/sysext/rsaauth/resources/jsbn/rsa.js). Any clues are appreciated. Here is the code:
public class TestTypo3Login
{
public CookieAwareWebClient MyWebClient;
public string TestLogin(String typo3Url, String userName, String password)
{
MyWebClient = new CookieAwareWebClient();
var mozilaAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)";
MyWebClient.Headers.Add("User-Agent", mozilaAgent);
// GET public key
var rsaKey = MyWebClient.DownloadString(String.Format("{0}?eID=FrontendLoginRsaPublicKey", typo3Url));
// sample public_key and exponent received from server
// B712B54CCB46DB7DAB3564195CD387B0D054A680756EB434CF03A435C281A43746390CD82D57188F96B20F8BBCC60F6A6F89BE33856EDDB8F832E7CD412F96EF3651594EE84379FCE1D32E93732648A7B4218E411A0ADC8365204AAF0F71BD84FD47959381A95BBC51FD0FB44693CD8207C7D27DDA0CEF346126FBD5EC9238D9:10001
var rsaParts = rsaKey.Split(new string[] { ":" }, StringSplitOptions.RemoveEmptyEntries);
string public_key = rsaParts[0];
string exponent = rsaParts[1];
//try to encrypt password in a similar way with javascript in /typo3/sysext/rsaauth/resources/jsbn/rsa.js
var encryptedPassword = Encrypt(public_key, exponent, password);
return encryptedPassword;
}
public static string Encrypt(string public_key, string exponent, string data)
{
var rsap = new System.Security.Cryptography.RSAParameters();
rsap.Modulus = GetBytesFromHexString(public_key);
rsap.Exponent = GetBytesFromHexString(exponent);
var rsa = new RSACryptoServiceProvider(); ;
rsa.ImportParameters(rsap);
var res = rsa.Encrypt(Encoding.ASCII.GetBytes(data), true);
return Convert.ToBase64String(res);
}
public static byte[] GetBytesFromHexString(string hexString)
{
if (hexString.Length % 2 == 1) { hexString = "0" + hexString; }
byte[] bytes = new byte[hexString.Length / 2];
for (int i = 0; i < hexString.Length - 1; i += 2)
{
bytes[i / 2] = byte.Parse(hexString.Substring(i, 2), System.Globalization.NumberStyles.HexNumber);
}
return bytes;
}
}
I solved this by using the original javascript typo3 fe_login code via an javascript engine.
Steps:
NuGet-Package Microsoft.ClearScript Link
Capture following js files via Charles: base64.js, prng4.js, rng.js, jsbn.js, rsa.js
Add js files as resources to your project
Use following code:
public string RsaEncryptPwJavaScript(string pw, string rsaPublicKey)
{
var assembly = Assembly.GetExecutingAssembly();
string resourcePrefix = "MyNamespace.Typo3Js";
var keyParts = rsaPublicKey.Split(':');
using (var engine = new V8ScriptEngine())
{
engine.Execute("var navigator = { 'appName': 'Chrome' };");
engine.Execute(GetResource(assembly, resourcePrefix + ".base64.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".prng4.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".rng.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".jsbn.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".rsa.js"));
engine.Execute(GetEncryptJsCode());
return engine.Script.encryptPw(pw, keyParts[0], keyParts[1]);
}
}
private string GetEncryptJsCode()
{
//Code from Typo3 / fe_login.js - this.encryptPasswordAndSubmitForm
return #"function encryptPw(pw, publicKeyModulus, exponent) {
var rsa, encryptedPassword;
rsa = new RSAKey();
rsa.setPublic(publicKeyModulus, exponent);
encryptedPassword = rsa.encrypt(pw);
return 'rsa:' + hex2b64(encryptedPassword);
}";
}
private string GetResource(Assembly assembly, string resourceName)
{
using (Stream stream = assembly.GetManifestResourceStream(resourceName))
using (StreamReader reader = new StreamReader(stream))
{
return reader.ReadToEnd();
}
}
The rsaPublicKey should be the string resolved by this call var rsaKey = MyWebClient.DownloadString(String.Format("{0}?eID=FrontendLoginRsaPublicKey", typo3Url));

AWS API Gateway Signature

I am trying to sign my requests to the amazon gateway. But every time when I try to send a POST request it tells me that my signature has been expired. Any ideas will be appreciated.
You have some problem with getting the time or something like that. I had the problem with the payload. So if you are making GET request your payload is an EMPTY STRING. Otherwise it should be hashed Json object. Here is example of how I do it in my application. The code can be raw, but I am 100000% it work, because I am using it every day.
const string RegionName = "eu-west-1"; //This is the regionName
const string ServiceName = "apigateway";
const string Algorithm = "AWS4-HMAC-SHA256";
const string ContentType = "application/json";
const string Host = "apigateway.eu-west-1.amazonaws.com";
const string SignedHeaders = "content-type;host;x-amz-date";
public static WebRequest RequestGet(string canonicalUri, string canonicalQueriString, string jsonString) {
string hashedRequestPayload = CreateRequestPayload("");
string authorization = Sign(hashedRequestPayload, "GET", canonicalUri, canonicalQueriString);
string requestDate = DateTime.UtcNow.ToString("yyyyMMddTHHmmss") + "Z";
WebRequest webRequest = WebRequest.Create("https://" + Host + canonicalUri);
webRequest.Method = "GET";
webRequest.ContentType = ContentType;
webRequest.Headers.Add("X-Amz-date", requestDate);
webRequest.Headers.Add("Authorization", authorization);
webRequest.Headers.Add("x-amz-content-sha256", hashedRequestPayload);
return webRequest;
}
public static WebRequest RequestPost(string canonicalUri, string canonicalQueriString, string jsonString)
{
string hashedRequestPayload = CreateRequestPayload(jsonString);
string authorization = Sign(hashedRequestPayload, "POST", canonicalUri, canonicalQueriString);
string requestDate = DateTime.UtcNow.ToString("yyyyMMddTHHmmss") + "Z";
WebRequest webRequest = WebRequest.Create("https://" + Host + canonicalUri);
webRequest.Timeout = 20000;
webRequest.Method = "POST";
webRequest.ContentType = ContentType;
webRequest.Headers.Add("X-Amz-date", requestDate);
webRequest.Headers.Add("Authorization", authorization);
webRequest.Headers.Add("x-amz-content-sha256", hashedRequestPayload);
webRequest.ContentLength = jsonString.Length;
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] data = encoding.GetBytes(jsonString);
Stream newStream = webRequest.GetRequestStream();
newStream.Write(data, 0, data.Length);
return webRequest;
}
private static string CreateRequestPayload(string jsonString) {
//Here should be JSON object of the model we are sending with POST request
//var jsonToSerialize = new { Data = String.Empty };
//We parse empty string to the serializer if we are makeing GET request
//string requestPayload = new JavaScriptSerializer().Serialize(jsonToSerialize);
string hashedRequestPayload = HexEncode(Hash(ToBytes(jsonString)));
return hashedRequestPayload;
}
private static string Sign(string hashedRequestPayload, string requestMethod, string canonicalUri, string canonicalQueryString) {
var currentDateTime = DateTime.UtcNow;
var accessKey = //Here place your app ACCESS_KEY
var secretKey = //Here is a place for you app SECRET_KEY
var dateStamp = currentDateTime.ToString("yyyyMMdd");
var requestDate = currentDateTime.ToString("yyyyMMddTHHmmss") + "Z";
var credentialScope = string.Format("{0}/{1}/{2}/aws4_request", dateStamp, RegionName, ServiceName);
var headers = new SortedDictionary < string, string > {
{ "content-type", ContentType },
{ "host", Host },
{ "x-amz-date", requestDate }
};
string canonicalHeaders = string.Join("\n", headers.Select(x => x.Key.ToLowerInvariant() + ":" + x.Value.Trim())) + "\n";
// Task 1: Create a Canonical Request For Signature Version 4
string canonicalRequest = requestMethod + "\n" + canonicalUri + "\n" + canonicalQueryString + "\n" + canonicalHeaders + "\n" + SignedHeaders + "\n" + hashedRequestPayload;
string hashedCanonicalRequest = HexEncode(Hash(ToBytes(canonicalRequest)));
// Task 2: Create a String to Sign for Signature Version 4
string stringToSign = Algorithm + "\n" + requestDate + "\n" + credentialScope + "\n" + hashedCanonicalRequest;
// Task 3: Calculate the AWS Signature Version 4
byte[] signingKey = GetSignatureKey(secretKey, dateStamp, RegionName, ServiceName);
string signature = HexEncode(HmacSha256(stringToSign, signingKey));
// Task 4: Prepare a signed request
// Authorization: algorithm Credential=access key ID/credential scope, SignedHeadaers=SignedHeaders, Signature=signature
string authorization = string.Format("{0} Credential={1}/{2}/{3}/{4}/aws4_request, SignedHeaders={5}, Signature={6}",
Algorithm, accessKey, dateStamp, RegionName, ServiceName, SignedHeaders, signature);
return authorization;
}
private static byte[] GetSignatureKey(string key, string dateStamp, string regionName, string serviceName) {
byte[] kDate = HmacSha256(dateStamp, ToBytes("AWS4" + key));
byte[] kRegion = HmacSha256(regionName, kDate);
byte[] kService = HmacSha256(serviceName, kRegion);
return HmacSha256("aws4_request", kService);
}
private static byte[] ToBytes(string str) {
return Encoding.UTF8.GetBytes(str.ToCharArray());
}
private static string HexEncode(byte[] bytes) {
return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}
private static byte[] Hash(byte[] bytes) {
return SHA256.Create().ComputeHash(bytes);
}
private static byte[] HmacSha256(string data, byte[] key) {
return new HMACSHA256(key).ComputeHash(ToBytes(data));
}
So for example if I want to get all the APIs that are deployed in the Gateway I am doing like this:
using(WebResponse response = webRequest.GetResponse()) {
StreamReader responseReader = new StreamReader(response.GetResponseStream());
string responseJson = responseReader.ReadToEnd();
} catch (WebException) {
//Doing something when exception has been thrown
}
Here is the interesting part of creating a API Key. First you need to make your raw payload and then pass it to the methods I gave you above:
string payload = "{ \"name\" : \"" + name + "\", \"description\" : \"" + description.Trim() + "\", \"enabled\" : \"True\", \"stageKeys\" : [ ] }";
WebRequest webRequest = RequestSignerAWS.RequestPost("/apikeys", "", payload);
And make sure you are getting the time of the creating the request, because this will cause you the problem you are having.
You can look or use the code in this project for sending requests to API gateway:
https://github.com/ronenfe/Addons.AwsSdk
It uses this code for the signing:
https://github.com/tsibelman/aws-signer-v4-dot-net .

Accessing azure tables entities

Hi all i want to access azure tables entities from windows phone either using rest API or using Odata.
I have written a code but that this giving me NULL response. Every time i want to access a table entity i call GetEntity function. Below is the code that i am using.
Please if anybody know what wrong in this code or any help reply asap.
//////////// GetEntity Function.//////////
private void GetEntity(String tableName, String partitionKey, String rowKey)
{
String requestMethod = "GET";
String urlPath = String.Format("{0}(PartitionKey='{1}',RowKey='{2}')", tableName, partitionKey, rowKey);
String dateInRfc1123Format = DateTime.Now.ToString("R", System.Globalization.CultureInfo.InvariantCulture);
String canonicalizedResource = String.Format("/{0}/{1}", AzureStorageConstants.Account, urlPath);
String stringToSign = String.Format(
"{0}\n\n\n{1}\n{2}",
requestMethod,
dateInRfc1123Format,
canonicalizedResource);
String authorizationHeader = CreateAuthorizationHeader(stringToSign);
HttpWebResponse response;
Uri uri = new Uri(AzureStorageConstants.TableEndPoint + urlPath);
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
request = (HttpWebRequest)WebRequest.Create(uri);
request.Method = requestMethod;
request.Headers[HttpRequestHeader.ProxyAuthorization] = null;
request.Headers["Address"] = uri.ToString();
request.Headers["Method"] = requestMethod;
request.Headers["x-ms-date"]= DateTime.Now.ToString("R", System.Globalization.CultureInfo.InvariantCulture);
request.Headers["x-ms-version"]= "2011-08-18";
request.Headers["Authorization"] = authorizationHeader;
request.Headers["Accept-Charset"] = "UTF-8";
request.Headers["ContentType"] = "application/atom+xml,application/xml";
request.ContentType = "application/atom+xml,application/xml";
request.Headers["DataServiceVersion"] = "1.0;NetFx";
request.Headers["MaxDataServiceVersion"] = "1.0;NetFx";
using (response = GetResponse(request))
{
Stream dataStream = response.GetResponseStream();
using (StreamReader reader = new StreamReader(dataStream))
{
String responseFromServer = reader.ReadToEnd();
}
}
}
// GetResponse Function.
public HttpWebResponse GetResponse(HttpWebRequest request)
{
var dataReady = new AutoResetEvent(false);
HttpWebResponse response = null;
var callback = new AsyncCallback(delegate(IAsyncResult asynchronousResult)
{
response = (HttpWebResponse)request.EndGetResponse(asynchronousResult);
dataReady.Set();
});
request.BeginGetResponse(callback, request);
return response;
}
////// CreateAuthorization Function.///
private String CreateAuthorizationHeader(String canonicalizedString)
{
String signature = string.Empty;
using (HMACSHA256 hmacSha256 = new HMACSHA256(Convert.FromBase64String(AzureStorageConstants.Key)))
{
Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(canonicalizedString);
signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
}
String authorizationHeader = String.Format(
CultureInfo.InvariantCulture,
"{0} {1}:{2}",
AzureStorageConstants.SharedKeyAuthorizationScheme,
AzureStorageConstants.Account,
signature);
return authorizationHeader;
}
////////AzureStorageConstants.
public static class AzureStorageConstants
{
private static String TableAccount = "datablobs";
private static String cloudEndPointFormat = "http://" + TableAccount + ".table.core.windows.net/";
private static String cloudKey = "Primary Access Key";// Here actual key is written.
private static string AzureStorage_SharedKeyAuthorizationScheme = "SharedKey";
public static String Account
{
get { return TableAccount; }
}
public static string SharedKeyAuthorizationScheme
{
get { return AzureStorage_SharedKeyAuthorizationScheme; }
}
public static string Key
{
get { return cloudKey; }
}
public static String TableEndPoint
{
get { return cloudEndPointFormat; }
}
}
for solution refer to below linked i have posted the solution there http://social.msdn.microsoft.com/Forums/en-US/windowsazureconnectivity/thread/84415c36-9475-4af0-9f52-c534f5681432
I checked you code and found the GetEntity() function does have some problem with regard to creating signature to access the Windows Azure Table Storage, so I hack together the following code which does work. You can just replace your GetEntity() and add two other function included in the code below to work signature process properly.
private string GetEntity(String tableName, String partitionKey, String rowKey)
{
string result = "";
String requestMethod = "GET";
String urlPath = String.Format("{0}(PartitionKey='{1}',RowKey='{2}')",tableName, partitionKey, rowKey);
DateTime now = DateTime.UtcNow;
HttpWebResponse response;
string uri = AzureStorageConstants.TableEndPoint + urlPath;
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
request.Method = requestMethod;
request.ContentLength = 0;
request.Headers.Add("x-ms-date", now.ToString("R", System.Globalization.CultureInfo.InvariantCulture));
request.Headers.Add("x-ms-version", "2009-09-19");
request.ContentType = "application/atom+xml";
request.Headers.Add("DataServiceVersion", "1.0;NetFx");
request.Headers.Add("MaxDataServiceVersion", "1.0;NetFx");
request.Headers.Add("If-Match", "*");
request.Headers.Add("Accept-Charset", "UTF-8");
request.Headers.Add("Authorization", AuthorizationHeader(requestMethod, now, request));
request.Accept = "application/atom+xml";
using (response = request.GetResponse() as HttpWebResponse)
{
Stream dataStream = response.GetResponseStream();
using (StreamReader reader = new StreamReader(dataStream))
{
result = reader.ReadToEnd();
}
}
return result;
}
public string AuthorizationHeader(string method, DateTime now, HttpWebRequest request)
{
string MessageSignature;
MessageSignature = String.Format("{0}\n\n{1}\n{2}\n{3}",
method,
"application/atom+xml",
now.ToString("R", System.Globalization.CultureInfo.InvariantCulture),
GetCanonicalizedResource(request.RequestUri, AzureStorageConstants.Account)
);
byte[] SignatureBytes = System.Text.Encoding.UTF8.GetBytes(MessageSignature);
System.Security.Cryptography.HMACSHA256 SHA256 = new System.Security.Cryptography.HMACSHA256(Convert.FromBase64String(AzureStorageConstants.Key));
String AuthorizationHeader = "SharedKey " + AzureStorageConstants.Account + ":" + Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
return AuthorizationHeader;
}
public string GetCanonicalizedResource(Uri address, string accountName)
{
StringBuilder str = new StringBuilder();
StringBuilder builder = new StringBuilder("/");
builder.Append(accountName);
builder.Append(address.AbsolutePath);
str.Append(builder.ToString());
NameValueCollection values2 = new NameValueCollection();
NameValueCollection values = HttpUtility.ParseQueryString(address.Query);
foreach (string str2 in values.Keys)
{
ArrayList list = new ArrayList(values.GetValues(str2));
list.Sort();
StringBuilder builder2 = new StringBuilder();
foreach (object obj2 in list)
{
if (builder2.Length > 0)
{
builder2.Append(",");
}
builder2.Append(obj2.ToString());
}
values2.Add((str2 == null) ? str2 : str2.ToLowerInvariant(), builder2.ToString());
}
ArrayList list2 = new ArrayList(values2.AllKeys);
list2.Sort();
foreach (string str3 in list2)
{
StringBuilder builder3 = new StringBuilder(string.Empty);
builder3.Append(str3);
builder3.Append(":");
builder3.Append(values2[str3]);
str.Append("\n");
str.Append(builder3.ToString());
}
return str.ToString();
}
To fix your Signature related problem, I took the code from Storage_REST_CS sample which has superb implementation of accessing Windows Azure (Blob, Table & Queue) Storage over REST interface.

Categories