Henry Recker
Reputation: 51
Creating Signed Cookies using AWS Cloudfront API in C#
I have been trying to use the .NET AWS Cloudfront API to create signed cookies for my S3 bucket, but whenever I send an HTTP request with the cookies that are created, I just get a result of "Forbidden". Is there something I am doing wrong in this code? Thanks.
CookiesForCannedPolicy cookies = AmazonCloudFrontCookieSigner.GetCookiesForCannedPolicy(
@"http://distribution123abc.cloudfront.net/*",
"KEYPAIRID",
new FileInfo(@"C:\bla\privatekey.pem"),
DateTime.Now.AddHours(1));
Uri target = new Uri(@"http://distribution123abc.cloudfront.net");
HttpWebRequest pleaseWork = (HttpWebRequest)WebRequest.Create(@"http://distribution123abc.cloudfront.net/files/test.txt");
if (pleaseWork.CookieContainer == null)
{
pleaseWork.CookieContainer = new CookieContainer();
}
pleaseWork.CookieContainer.Add(new Cookie(cookies.Signature.Key, cookies.Signature.Value) { Domain = target.Host } );
pleaseWork.CookieContainer.Add(new Cookie(cookies.KeyPairId.Key, cookies.KeyPairId.Value) { Domain = target.Host } );
pleaseWork.CookieContainer.Add(new Cookie(cookies.Expires.Key, cookies.Expires.Value) { Domain = target.Host } );
try
{
WebResponse response = pleaseWork.GetResponse();
Console.WriteLine("Response content length: " + response.ContentLength);
}
catch(WebException e)
{
Console.WriteLine(e.Message);
}
Upvotes: 2
Views: 2893
Answers (1)
Henry Recker
Reputation: 51
I found a solution. I had to change two things:
First I had to use signed cookies for a custom policy rather than a canned policy (and therefore use a "Policy" cookie rather than an "Expires" cookie).
Second, the domain I was setting for my cookies was incorrect. I needed to set the domain as just ".cloudfront.net", rather than specifying the domain for my distribution.
This is what my code looked like in the end:
CookiesForCustomPolicy cookies = AmazonCloudFrontCookieSigner.GetCookiesForCustomPolicy(
@"http://distribution123abc.cloudfront.net/*",
new StreamReader(@"C:\bla\privatekey.pem"),
"KEYPAIRID",
DateTime.Now.AddHours(1),
DateTime.Now.AddHours(-1),
"1.1.1.1");
string domain = ".cloudfront.net";
HttpWebRequest pleaseWork = (HttpWebRequest)WebRequest.Create(@"http://distribution123abc.cloudfront.net/files/test.txt");
if (pleaseWork.CookieContainer == null)
{
pleaseWork.CookieContainer = new CookieContainer();
}
pleaseWork.CookieContainer.Add(new Cookie(cookies.Signature.Key, cookies.Signature.Value) { Domain = domain } );
pleaseWork.CookieContainer.Add(new Cookie(cookies.KeyPairId.Key, cookies.KeyPairId.Value) { Domain = domain } );
pleaseWork.CookieContainer.Add(new Cookie(cookies.Policy.Key, cookies.Policy.Value) { Domain = domain } );
try
{
WebResponse response = pleaseWork.GetResponse();
Console.WriteLine("Response content length: " + response.ContentLength);
}
catch(WebException e)
{
Console.WriteLine(e.Message);
}
Upvotes: 2
Related Questions
- Creating Signed Cookies for Amazon CloudFront using C#
- Creating Signed Cookies for Amazon CloudFront
- AWS CloudFront signed cookies + S3 works in REST client app, but not browser
- How to generate signed URLs for Amazon S3 exposed by CloudFront using.NET
- Cloudfront signed URLs using c#
- Unable to set cookies for cloudfront for secure cookie based authentication
- Unable to use signed cookies for cloudfront
- setting up signed cookies for aws cloudfront https with php SDK
- Signed cookies in aws cloudfront without Key Pair (RSA private key)
- Using cookie-based authentication with CloudFront (NOT signed cookies)