Getting "The remote server returned an error: (403) Forbidden" in C# when calling an API with AWS authentication
Getting HTTPResponse
"{"message":"The request signature we calculated does not match the
signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details.\n\nThe
Canonical String for this request should have
been\n'GET\n/staging/user\nemail=test%40gmail.com&mobile=123\naccess-id:dffgdfgfgdfg\nhost:dfgdfgdfgf\nx-amz-date:20181113T134535Z\nx-api-key:\n\naccess-id;host;x-amz-date;x-api-key'\n\nThe
String-to-Sign should have
been\n'AWS4-HMAC-SHA256\n20181113T134535Z\n20181113/ap-southeast-1/execute-api/aws4_requestdfgdfgdfgdfgd'\n"}"
Code:-
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
namespace Test.Old_App_Code
{
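public class APICall
{
    /// <summary>
    /// Sends a SigV4-signed GET request to the <c>/staging/user</c> endpoint and reads the response body.
    /// </summary>
    /// <returns>
    /// Always an empty string, as in the original listing; the response body is read but not returned.
    /// </returns>
    /// <exception cref="WebException">
    /// Thrown by <see cref="WebRequest.GetResponse"/> for non-success statuses such as 403 Forbidden.
    /// </exception>
    public string CheckUserID()
    {
        // Placeholder values. Real keys belong in protected configuration or a secret store,
        // never in source code or in a public question.
        UMSConfig oUMSConfig = new UMSConfig();
        oUMSConfig.AccessId = "";
        oUMSConfig.ApiKey = "";
        oUMSConfig.Host = "";
        oUMSConfig.RegionName = "";
        oUMSConfig.SecretKey = "";
        oUMSConfig.ServerName = "";

        const string canonicalUri = "/staging/user";
        // The query string is passed WITHOUT the leading '?'. The '?' is a URL delimiter, not part of
        // the first parameter name; signing "?email" instead of "email" yields a canonical query string
        // that differs from the one the service computes ("email=test%40gmail.com&mobile=123").
        const string queryString = "email=test@gmail.com&mobile=123";

        var authorization = new AwsHeaders(oUMSConfig, canonicalUri, "GET", queryString, "");

        // SSL 3.0 and TLS 1.0 are deprecated protocols with known weaknesses and must not be offered.
        // Require TLS 1.2 for the connection that carries the signed request.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        WebRequest webRequest = WebRequest.Create("https://" + oUMSConfig.Host + canonicalUri + "?" + queryString);
        webRequest.Method = "GET";
        webRequest.ContentType = "application/json";

        // Send exactly the timestamp that was signed. Formatting DateTime.Now a second time can differ
        // from the signed value by a second or more, which invalidates the signature.
        webRequest.Headers.Add("X-Amz-date", authorization.GetDateTimeString());
        webRequest.Headers.Add("Authorization", authorization.Authorization);
        webRequest.Headers.Add("x-api-key", oUMSConfig.ApiKey);
        webRequest.Headers.Add("access-id", oUMSConfig.AccessId);

        // NOTE(review): UseDefaultCredentials lets the process's Windows identity be offered to the
        // remote host on an authentication challenge. The request is already authenticated by its
        // signature, so confirm this is really needed before keeping it for an external endpoint.
        webRequest.UseDefaultCredentials = true;
        if (webRequest.Proxy != null)
        {
            webRequest.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
        }

        // Dispose the response and reader so the underlying connection is released.
        using (var response = (HttpWebResponse)webRequest.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            // NOTE(review): the body is read but discarded, matching the original behaviour.
            var responseString = reader.ReadToEnd();
        }

        return "";
    }
}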
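/// <summary>
/// Builds the AWS Signature Version 4 <c>Authorization</c> header value for one request.
/// </summary>
/// <remarks>
/// The listing as published had lost its backslashes and array brackets: every <c>"\n"</c> appeared as
/// <c>"n"</c> and every <c>byte[]</c> as <c>byte</c>. Both are restored here, because the canonical
/// request and the string-to-sign are newline-delimited and the HMAC chain operates on byte arrays.
/// </remarks>
public class AwsHeaders
{
    public const string ENCRYPT_METHOD = "AWS4-HMAC-SHA256";

    public string Host { get; private set; }
    public string RequestUrl { get; private set; }
    public string Authorization { get; private set; }

    // Headers that take part in the signature; the caller must send the same names and values.
    public IDictionary<string, string> AddtionalHeaders { get; set; }

    // Timestamp used for x-amz-date and for the string-to-sign.
    public DateTime Date { get; private set; }

    // Date used for the credential scope and the signing-key derivation.
    public DateTime DateVersion { get; set; }

    /// <summary>
    /// Computes the canonical request, string-to-sign and signature, and exposes the resulting
    /// <see cref="Authorization"/> header value and <see cref="RequestUrl"/>.
    /// </summary>
    /// <param name="_config">Host, region, service name and credentials.</param>
    /// <param name="canonicalURI">Absolute path of the request, e.g. <c>/staging/user</c>.</param>
    /// <param name="method">HTTP method name, e.g. <c>GET</c>.</param>
    /// <param name="queryString">
    /// Raw (not yet percent-encoded) query string; a leading <c>?</c> is tolerated and ignored.
    /// </param>
    /// <param name="bodyPayload">Request body; null is treated as empty.</param>
    /// <exception cref="ArgumentNullException"><paramref name="_config"/> or <paramref name="method"/> is null.</exception>
    public AwsHeaders(UMSConfig _config, string canonicalURI, string method, string queryString, string bodyPayload)
    {
        if (_config == null)
        {
            throw new ArgumentNullException(nameof(_config));
        }
        if (method == null)
        {
            throw new ArgumentNullException(nameof(method));
        }

        this.Host = _config.Host;

        // Capture the clock once. Two separate reads can straddle midnight UTC, which would put a
        // different date in the credential scope than in x-amz-date and break the signature.
        // (Per the original author's note, the service rejects requests whose timestamp is more than
        // about five minutes off.)
        DateTime now = DateTime.UtcNow;
        this.Date = now;
        this.DateVersion = now;

        this.AddtionalHeaders = new Dictionary<string, string>();
        this.AddtionalHeaders.Add("access-id", _config.AccessId);
        this.AddtionalHeaders.Add("host", _config.Host);
        this.AddtionalHeaders.Add("x-amz-date", GetDateTimeString());
        this.AddtionalHeaders.Add("x-api-key", _config.ApiKey);

        // '?' is the URL delimiter, not part of the first parameter name; signing it would change
        // the canonical query string.
        string rawQuery = string.IsNullOrEmpty(queryString) ? "" : queryString.TrimStart('?');
        string parsedQueryString = rawQuery.Length == 0 ? "" : EncodeQueryString(rawQuery);
        bodyPayload = bodyPayload ?? "";

        // Canonical and signed headers must be ordered by header name. Dictionary enumeration order
        // is not a documented guarantee, so sort explicitly with an ordinal comparer.
        var sortedHeaders = this.AddtionalHeaders
            .OrderBy(h => h.Key, StringComparer.Ordinal)
            .ToList();
        string canonicalHeaders =
            string.Join("\n", sortedHeaders.Select(h => h.Key + ":" + (h.Value ?? "").Trim())) + "\n";
        string signedHeaders = string.Join(";", sortedHeaders.Select(h => h.Key));

        string hashedCanonicalRequest;
        using (var sha256 = SHA256.Create())
        {
            // Lower-case hex SHA-256 of the body.
            string hashPayload = ToHex(sha256.ComputeHash(Encoding.UTF8.GetBytes(bodyPayload)));

            // canonicalHeaders already ends in "\n", so the extra "\n" produces the blank line that
            // separates the header block from the signed-header list.
            string canonicalRequest = method + "\n"
                + canonicalURI + "\n"
                + parsedQueryString + "\n"
                + canonicalHeaders + "\n"
                + signedHeaders + "\n"
                + hashPayload;

            hashedCanonicalRequest = ToHex(sha256.ComputeHash(Encoding.UTF8.GetBytes(canonicalRequest)));
        }

        string credentialScope = $"{GetDateVersionString()}/{_config.RegionName}/{_config.ServerName}/aws4_request";

        string stringToSign = AwsHeaders.ENCRYPT_METHOD + "\n"
            + GetDateTimeString() + "\n"
            + credentialScope + "\n"
            + hashedCanonicalRequest;

        // The long-term secret is never used to sign directly; a key scoped to date, region and
        // service is derived from it first.
        byte[] derivedSigningKey = GetSignatureKey(_config.SecretKey, GetDateVersionString(), _config.RegionName, _config.ServerName);
        string signature = ToHex(HmacSHA256(stringToSign, derivedSigningKey));

        string authorizationHeader = "Credential=" + _config.AccessId + "/" + credentialScope
            + ", SignedHeaders=" + signedHeaders
            + ", Signature=" + signature;
        this.Authorization = AwsHeaders.ENCRYPT_METHOD + " " + authorizationHeader;

        this.RequestUrl = $"{UMSConfig.HTTP_SCHEME}{_config.Host}{canonicalURI}";
        if (rawQuery.Length > 0)
        {
            this.RequestUrl += $"?{rawQuery}";
        }
    }

    // Lower-case hexadecimal rendering of a byte array.
    private static string ToHex(byte[] bytes)
    {
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    // HMAC-SHA256 of the UTF-8 bytes of data under the given key.
    private byte[] HmacSHA256(string data, byte[] key)
    {
        using (var hasher = new HMACSHA256(key))
        {
            return hasher.ComputeHash(Encoding.UTF8.GetBytes(data));
        }
    }

    // Derives the signing key: secret -> date -> region -> service -> "aws4_request".
    private byte[] GetSignatureKey(string key, string dateStamp, string regionName, string serviceName)
    {
        byte[] kSecret = Encoding.UTF8.GetBytes("AWS4" + key);
        byte[] kDate = HmacSHA256(dateStamp, kSecret);
        byte[] kRegion = HmacSHA256(regionName, kDate);
        byte[] kService = HmacSHA256(serviceName, kRegion);
        return HmacSHA256("aws4_request", kService);
    }

    // Builds the canonical query string: each name and value percent-encoded, pairs sorted by
    // encoded name (then value) using ordinal comparison, joined with '&'.
    // Assumes the input is raw, i.e. not already percent-encoded.
    private string EncodeQueryString(string query)
    {
        var pairs = new List<KeyValuePair<string, string>>();
        foreach (var kv in query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            // Split on the first '=' only, so a value containing '=' is kept whole and a
            // parameter without '=' no longer causes an IndexOutOfRangeException.
            int eq = kv.IndexOf('=');
            string name = eq < 0 ? kv : kv.Substring(0, eq);
            string val = eq < 0 ? "" : kv.Substring(eq + 1);

            // A list (not a dictionary) is used so repeated parameter names do not throw.
            pairs.Add(new KeyValuePair<string, string>(
                EncodeSpecialCharacters(Uri.EscapeDataString(name)),
                EncodeSpecialCharacters(Uri.EscapeDataString(val))));
        }

        // A parameter with no value is emitted as "name=" in the canonical form.
        return string.Join("&", pairs
            .OrderBy(p => p.Key, StringComparer.Ordinal)
            .ThenBy(p => p.Value, StringComparer.Ordinal)
            .Select(p => p.Key + "=" + p.Value));
    }

    // Percent-encodes the characters that some framework versions of Uri.EscapeDataString leave
    // untouched. Only the RFC 3986 unreserved set (A-Z, a-z, 0-9, '-', '_', '.', '~') may stay unencoded.
    private string EncodeSpecialCharacters(string data)
    {
        return data
            .Replace("!", "%21")
            .Replace("'", "%27")
            .Replace("(", "%28")
            .Replace(")", "%29")
            .Replace("*", "%2A")
            .Replace(",", "%2C");
    }

    /// <summary>Timestamp in the basic ISO 8601 form used for x-amz-date.</summary>
    public string GetDateTimeString()
    {
        // Invariant culture: a thread culture with a non-Gregorian calendar would otherwise change
        // the digits that get signed.
        return this.Date.ToString("yyyyMMddTHHmmssZ", System.Globalization.CultureInfo.InvariantCulture);
    }

    /// <summary>Date stamp (yyyyMMdd) used in the credential scope and key derivation.</summary>
    public string GetDateVersionString()
    {
        return this.DateVersion.ToString("yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture);
    }
}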
/// <summary>
/// Connection settings and credentials consumed when signing a request.
/// </summary>
public class UMSConfig
{
    /// <summary>Scheme prefix used when composing the request URL.</summary>
    public const string HTTP_SCHEME = "https://";

    /// <summary>Host name of the API endpoint; also signed as the <c>host</c> header.</summary>
    public string Host { get; set; }

    /// <summary>Environment label; not read by the signing code shown in this listing.</summary>
    public string Environment { get; set; }

    /// <summary>Access identifier placed in the <c>Credential=</c> part of the Authorization header.</summary>
    public string AccessId { get; set; }

    /// <summary>
    /// Secret from which the signing key is derived. Load it from protected configuration and keep
    /// it out of source control and logs.
    /// </summary>
    public string SecretKey { get; set; }

    /// <summary>Region segment of the credential scope.</summary>
    public string RegionName { get; set; }

    /// <summary>Service segment of the credential scope.</summary>
    public string ServerName { get; set; }

    /// <summary>Value sent and signed as the <c>x-api-key</c> header.</summary>
    public string ApiKey { get; set; }
}
}
c# asp.net amazon-web-services api authentication
Getting HTTPResponse
"{"message":"The request signature we calculated does not match the
signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details.nnThe
Canonical String for this request should have
beenn'GETn/staging/usernemail=test%40gmail.com&mobile=123naccess-id:dffgdfgfgdfgnhost:dfgdfgdfgfnx-amz-date:20181113T134535Znx-api-key:nnaccess-id;host;x-amz-date;x-api-key'nnThe
String-to-Sign should have
beenn'AWS4-HMAC-SHA256n20181113T134535Zn20181113/ap-southeast-1/execute-api/aws4_requestdfgdfgdfgdfgd'n"}"
Code:-
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
namespace Test.Old_App_Code
{
public class APICall
{
public string CheckUserID()
{
UMSConfig oUMSConfig = new UMSConfig();
oUMSConfig.AccessId = "";
oUMSConfig.ApiKey = "";
oUMSConfig.Host = "";
oUMSConfig.RegionName = "";
oUMSConfig.SecretKey = "";
oUMSConfig.ServerName = "";
var authorization = new AwsHeaders(oUMSConfig, "/staging/user", "GET", "?email=test@gmail.com&mobile=123", "");
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
WebRequest webRequest = WebRequest.Create("https://" + oUMSConfig.Host + "/staging/user?email=test@gmail.com&mobile=123");
webRequest.Method = "GET";
webRequest.ContentType = "application/json";
webRequest.Headers.Add("X-Amz-date", DateTime.Now.ToUniversalTime().ToString("yyyyMMddTHHmmssZ"));
webRequest.Headers.Add("Authorization", authorization.Authorization);
webRequest.Headers.Add("x-api-key", oUMSConfig.ApiKey);
webRequest.Headers.Add("access-id", oUMSConfig.AccessId);
webRequest.UseDefaultCredentials = true;
webRequest.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
var response = (HttpWebResponse)webRequest.GetResponse();
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
return "";
}
}
public class AwsHeaders
{
public const string ENCRYPT_METHOD = "AWS4-HMAC-SHA256";
public string Host { get; private set; }
public string RequestUrl { get; private set; }
public string Authorization { get; private set; }
public IDictionary<string, string> AddtionalHeaders { get; set; }
public DateTime Date { get; private set; }
public DateTime DateVersion { get; set; }
public AwsHeaders(UMSConfig _config, string canonicalURI, string method, string queryString, string bodyPayload)
{
//setup info to generate headers
this.Host = _config.Host;
//aws will check this time for prevent over 5 minutes delay request
this.Date = DateTime.Now.ToUniversalTime();
this.DateVersion = DateTime.Now.ToUniversalTime();
//content headers key-val pair to add to HttpClient
this.AddtionalHeaders = new Dictionary<string, string>();
this.AddtionalHeaders.Add("access-id", _config.AccessId);
this.AddtionalHeaders.Add("host", _config.Host);
this.AddtionalHeaders.Add("x-amz-date", GetDateTimeString());
this.AddtionalHeaders.Add("x-api-key", _config.ApiKey);
//get HttpMethod name from enum
string httpRequestMethod = method.ToString();
//query string or body of request should be process then it should be empty string if it is null
var parsedQueryString = string.IsNullOrEmpty(queryString) ? "" : EncodeQueryString(queryString); //percent encode
bodyPayload = string.IsNullOrEmpty(bodyPayload) ? "" : bodyPayload;
//canonical headers are string combine of header-key:value+"n" sorted by header key follow ASCII code
string canonicalHeaders = string.Join("n", this.AddtionalHeaders.Select(a => a.Key + ":" + a.Value)) + "n";
//signed headers are string combine of header-key join by "n";
string signedHeaders = string.Join(";", this.AddtionalHeaders.Select(a => a.Key));
//hash the body by SHA256 then Encode it by Base16
var sha256 = SHA256.Create();
string hashPayload = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(bodyPayload))).Replace("-", "").ToLower();
//Canonical Request is string combine of HttpRequestMethod, CanonicalURI, percent encoded QueryString, CanonicalHeaders, SignedHeaders and Body Payload - JOIN by "n"
//The canonical URI is the URI-encoded version of the absolute path component of the URI, which is everything in the URI from the HTTP host to the question mark character ("?") that begins the query string parameters (if any).
string canonicalRequest = httpRequestMethod + "n" + canonicalURI + "n" + parsedQueryString + "n" + canonicalHeaders + "n" + signedHeaders + "n" + hashPayload;
//Get Base16 encoded string of SHA256(CanonicalRequest)
//Use for build the Authorization Header
string hashedCanonicalRequest = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(canonicalRequest))).Replace("-", "").ToLower();
//Use for build the Authorization Header
string credentialScope = $"{GetDateVersionString()}/{_config.RegionName}/{_config.ServerName}/aws4_request";
//Use for build Signature
string stringToSign = AwsHeaders.ENCRYPT_METHOD + 'n'
+ GetDateTimeString() + 'n'
+ credentialScope + 'n' + hashedCanonicalRequest;
//transfer secretkey to derived signing key for security
byte derivedSigningKey = GetSignatureKey(_config.SecretKey, GetDateVersionString(), _config.RegionName, _config.ServerName);
//Get final Signature
string signature = BitConverter.ToString(HmacSHA256(stringToSign, derivedSigningKey)).Replace("-", "").ToLower();
string authorizationHeader = "Credential=" + _config.AccessId + "/" + credentialScope + ", SignedHeaders=" + signedHeaders + ", Signature=" + signature;
this.Authorization = AwsHeaders.ENCRYPT_METHOD + " " + authorizationHeader; //new AuthenticationHeaderValue(AwsHeaders.ENCRYPT_METHOD, authorizationHeader);
this.RequestUrl = $"{UMSConfig.HTTP_SCHEME}{_config.Host}{canonicalURI}";
if (!string.IsNullOrEmpty(queryString))
{
this.RequestUrl += $"?{queryString}";
}
}
private byte HmacSHA256(string data, byte key)
{
var hasher = new HMACSHA256(key);
return hasher.ComputeHash(Encoding.UTF8.GetBytes(data));
}
private byte GetSignatureKey(string key, string dateStamp, string regionName, string serviceName)
{
byte kSecret = Encoding.UTF8.GetBytes(("AWS4" + key).ToCharArray());
byte kDate = HmacSHA256(dateStamp, kSecret);
byte kRegion = HmacSHA256(regionName, kDate);
byte kService = HmacSHA256(serviceName, kRegion);
byte kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}
private string EncodeQueryString(string query)
{
var keysVals = query.Split('&');
IDictionary<string, string> queries = new Dictionary<string, string>();
foreach (var kv in keysVals)
{
var splits = kv.Split('=');
var key = splits[0];
var val = splits[1];
if (!string.IsNullOrEmpty(val))
{
val = Uri.EscapeDataString(val);
}
queries.Add(key, val);
}
var encodedQuery = EncodeSpecialCharacters(string.Join("&", queries.OrderBy(q => q.Key).Select(v => Uri.EscapeDataString(v.Key) + (!string.IsNullOrEmpty(v.Value) ? "=" + v.Value : ""))));
return encodedQuery;
}
private string EncodeSpecialCharacters(string data)
{
//Do not URI-encode any of the unreserved characters that RFC 3986 defines: A-Z, a-z, 0-9, hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ )
if (data.Contains("!"))
data = data.Replace("!", "%21");
if (data.Contains("'"))
data = data.Replace("'", "%27");
if (data.Contains("("))
data = data.Replace("(", "%28");
if (data.Contains(")"))
data = data.Replace(")", "%29");
if (data.Contains("*"))
data = data.Replace("*", "%2A");
if (data.Contains(","))
data = data.Replace(",", "%2C");
return data;
}
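/// <summary>
/// Formats <c>Date</c> as the compact timestamp <c>yyyyMMddTHHmmssZ</c> used when signing.
/// </summary>
/// <returns>The formatted timestamp.</returns>
/// <remarks>
/// The trailing 'Z' is emitted literally; no conversion to UTC happens here.
/// NOTE(review): confirm that <c>Date</c> is already UTC and that the same value is sent in the
/// request's date header, because the signature covers this string.
/// </remarks>
public string GetDateTimeString()
{
    // Invariant culture: under a culture whose default calendar is not Gregorian, the year and
    // month would be rendered in that calendar and the signed timestamp would be wrong.
    return this.Date.ToString("yyyyMMddTHHmmssZ", System.Globalization.CultureInfo.InvariantCulture);
}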
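/// <summary>
/// Formats <c>DateVersion</c> as <c>yyyyMMdd</c>.
/// </summary>
/// <returns>The eight-digit date stamp.</returns>
/// <remarks>
/// NOTE(review): presumably this is the date part of the credential scope; confirm that
/// <c>DateVersion</c> and <c>Date</c> refer to the same UTC day.
/// </remarks>
public string GetDateVersionString()
{
    // Invariant culture keeps the stamp Gregorian whatever the thread culture is.
    return this.DateVersion.ToString("yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture);
}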
}
/// <summary>
/// Endpoint settings and credentials consumed by the request-signing code.
/// </summary>
/// <remarks>
/// This object carries a long-lived secret (<see cref="SecretKey"/>) in a plain settable property.
/// Populate it from protected configuration rather than from literals in source, and keep
/// instances out of logs and serialized output.
/// </remarks>
public class UMSConfig
{
// Prefix placed directly in front of Host when the request URL is built; fixed to HTTPS.
public const string HTTP_SCHEME = "https://";
// Host name of the API endpoint without scheme or path; it is concatenated right after HTTP_SCHEME.
public string Host { get; set; }
// NOTE(review): not referenced in the visible code; presumably a deployment stage name. Confirm.
public string Environment { get; set; }
// Access key identifier; it appears in clear in the Credential= part of the Authorization header.
public string AccessId { get; set; }
// Secret signing credential; presumably the seed of the signing-key derivation (confirm against the constructor).
// It is never meant to leave the process: do not log it, serialize it or commit it.
public string SecretKey { get; set; }
// NOTE(review): presumably the region component of the credential scope. Confirm.
public string RegionName { get; set; }
// NOTE(review): presumably the service component of the credential scope. Confirm.
public string ServerName { get; set; }
// API key that the caller sends as the x-api-key request header.
public string ApiKey { get; set; }
}
}
c# asp.net amazon-web-services api authentication