0

I've looked at numerous questions around this but can't see the mistake I'm making. I'm trying to generate a Shared Access Signature to access an Azure SB Queue.

My C# code is working correctly:

    var expiry = 1499177142;// GetExpiry();
    string stringToSign = HttpUtility.UrlEncode(resourceUri);// + "\n" + expiry;
    HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));

    Console.WriteLine(Encoding.UTF8.GetBytes(stringToSign));

    var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
    Console.WriteLine(signature);

    var sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}",
    HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);
    return sasToken;
// returns slXBw0u7Dt/YKS1Y+Wot02z730YXJ9NkS599JRzvDQI= for the signature element

My PHP gives a very different result:

$stringToSign = rawurlencode($resourceURI);// . "%0A" . $expiry;

$sig = hash_hmac("sha256",utf8_encode($stringToSign),utf8_encode($key),false);
echo $sig."<br>";

$token = "SharedAccessSignature sr=".urlencode($resourceURI)
."&sig=".rawurlencode(base64_encode($sig))."&se=".$expiry."&skn=".$keyName;
return $token; //returns MGNlZWViYWRmMjE2NWJhZGRjNWNhNDZkYWRlOTQyMzc3ODBhMWM2ZjA1OTk4MjI0MGUzMzllZmY4ZTk2OGUxNA==

I've tried encoding $stringToSign and $key and not in the hash, strtoupper and strtolower on the $stringToSign but can't get the result to be the same as C#

Chris Crawshaw
  • 287
  • 5
  • 21
  • Check the character set/encoding of the PHP input data. https://stackoverflow.com/questions/12804231/c-sharp-equivalent-to-hash-hmac-in-php – odan Jul 04 '17 at 15:22
  • I'm adding it as a string at the moment `$resourceURI = "https://abc.servicebus.windows.net/myqueue";`, same with $key – Chris Crawshaw Jul 04 '17 at 16:04

1 Answers1

1

This code should work in PHP and C#.

PHP:

<?php

$resourceURI = "http://nifi-eventhub.servicebus.windows.net/hub1";
$keyName = "hub-user";
$key = "secret";
$expiry = '1499177142'; // timestamp

// The format for the string is <resourceURI> + \n + <expiry>    
$stringToSign = strtolower(rawurlencode($resourceURI)) . "\n" . $expiry;

// Hash the URL encoded string using the shared access key
$sig = hash_hmac("sha256", utf8_encode($stringToSign), utf8_encode($key), false);

// Convert hexadecimal string to binary and then to base64
$sig = hex2bin($sig);
$sig = base64_encode($sig);

// 7kS3apSDpJFTYI1vxuo4t7syGG3FTBYI8foamMOtrEE=
echo $sig . "<br>\n";

// Generate authorization token
$token = "SharedAccessSignature sr=" . urlencode($resourceURI) . "&sig=" . rawurlencode($sig) . "&se=" . $expiry . "&skn=" . $keyName;
echo $token . "<br>\n";

In C#

string expiry = "1499177142";
string resourceUri = "http://nifi-eventhub.servicebus.windows.net/hub1";
string keyName = "hub-user";
string secretkey = "secret";

string stringToSign = HttpUtility.UrlEncode(resourceUri) + "\n" + expiry;

HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretkey));
byte[] hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));

var signature = Convert.ToBase64String(hashBytes);

// 7kS3apSDpJFTYI1vxuo4t7syGG3FTBYI8foamMOtrEE=
Console.WriteLine(signature);

var sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}",
HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);

Console.WriteLine(sasToken);
odan
  • 4,757
  • 5
  • 20
  • 49