
I am developing an app and I would like to enable my iOS Simulator and dev device to connect to the CosmosDB Emulator running on my Windows laptop.

I can set the proper endpoint url, pointing to the emulator, but the Trust for the SSL fails as I am accessing it via IP, and the Azure CosmosDB Certificate has a fixed set of Subject Alternative Names:

- DNS Name = localhost
- DNS Name = <my windows hostname>
- IP Address = 127.0.0.1
- IP Address = 172.18.222.81
- DNS Name = 127.0.0.1
- DNS Name = 172.18.222.81

Now, for the simulator I suppose I can solve it with my hosts file and just map to my Windows IP. Or use Charles Proxy and its DNS Spoofing, but this fails to work on my development device. The hosts file I cannot change, and Charles Proxy will proxy web requests from Safari using the DNS spoofing from the app, but the DocumentClient from Microsoft.Azure.Documents.Client appears not to use the proxy at all.

I get a name resolution error when I try from the device when using https://<my windows hostname>:8081 as the endpoint url.

System.Net.Http.HttpRequestException: An error occurred while sending the request ---> System.Net.WebException: Error: NameResolutionFailure

I can, however, set up my own HttpClient and enable the Proxy from a provided HttpClientHandler and I can indeed, without a name resolution error, pull down the html from the emulator at: https://<my windows hostname>:8081/_explorer/index.html

Both of these will successfully use the proxy and fetch the html:

```csharp
// Read the device's system proxy settings (Charles Proxy in this setup)
var settings = CoreFoundation.CFNetwork.GetSystemProxySettings();
var address = $"{settings.HTTPProxy}:{settings.HTTPPort}";
HttpClientHandler proxyHandler = new HttpClientHandler()
{
    Proxy = new WebProxy(Address: address, BypassOnLocal: false),
    UseProxy = true,
};

httpClient = new HttpClient(proxyHandler);
```

And this one:

```csharp
HttpClientHandler proxyHandler = new HttpClientHandler()
{
    // Let CFNetwork supply the default system proxy
    Proxy = CoreFoundation.CFNetwork.GetDefaultProxy(),
    UseProxy = true,
};

httpClient = new HttpClient(proxyHandler);
```

So I know it can work, it just seems like DocumentClient from Microsoft.Azure.Documents.Client won't use any proxy and I could not find a way to configure it to use one unless I missed something.

AJ Venturella

1 Answer


This is an interesting scenario which has not been tested or investigated to see whether it works. Though you can start the emulator so that it allows access from any IP:

```
CosmosDB.Emulator.exe -AllowNetworkAccess -NoFirewall -Key=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==
```

The second step is to export a certificate which you will have to import on your other computer (in your case the iOS Simulator). There's an article I found that might help: Adding a self-signed certificate to iphone Simulator?

To export the certificate execute the following PowerShell command line:

```powershell
# Output directory next to the script ($PSScriptRoot is only set when run from a script file)
New-Variable HostDirectory -Scope Global -Option Constant -Value ((Get-Item $PSScriptRoot).CreateSubdirectory('bind-mount'))
New-Variable Key -Scope Global -Option Constant -Value 'C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw=='

# Export the emulator certificate (with private key) to a PFX protected by $Key
$password = ConvertTo-SecureString -String $Key -Force -AsPlainText
$cert = Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq "DocumentDbEmulatorCertificate" }
Export-PfxCertificate -Cert $cert -FilePath "$HostDirectory\CosmosDbEmulatorCert.pfx" -Password $password | Out-Null

# Reload the PFX and write out only the public certificate as a .cer file
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import("$HostDirectory\CosmosDbEmulatorCert.pfx", $Key, "DefaultKeySet")
$cert | Export-Certificate -FilePath "$HostDirectory\CosmosDbEmulatorCert.cer" -Type CERT
```

Assuming you can import that cert onto iOS, then your IP is just the IP of your machine running the emulator.

If it proves impossible to import the cert, we're working on an improvement for the next .NET SDK release which will let you configure the HTTPClient we use under the hood, so you can configure things like disabling SSL verification (which you should never do for production, ever, but can be helpful for dev-only purposes).

Chris Anderson
  • Yup, I definitely installed the certs on my local machine to test things out, and in my case the emulator runs on Windows, but my simulator runs on macOS, so the simulator/app needs the IP address on the local network, but the cert's allowed Subject Alternative Names don't allow just any IP (see above). Once I used Charles Proxy to allow DNS Spoofing so I could use the of the Windows box through Charles, it didn't complain. Enter the issue with the client lib not running through the proxy. I just ended up spending the 0.77/day to run Cosmos =) at the minimum. – AJ Venturella Nov 13 '18 at 05:20
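
A narrower dev-only alternative to switching SSL verification off, as an added example that is not part of the original answer or of the SDK: a plain HttpClient that tolerates a validation failure (such as the SAN mismatch from the question) only when the server presents exactly the certificate exported to CosmosDbEmulatorCert.cer. The class and method names and the command-line arguments are assumptions, as is a runtime whose HttpClientHandler supports ServerCertificateCustomValidationCallback; it does not change how DocumentClient connects.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class EmulatorHttp
{
    // SHA-256 over the DER encoding of the certificate.
    static byte[] Fingerprint(X509Certificate2 cert)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(cert.RawData);
    }

    // pinnedCerPath: assumed location of the exported CosmosDbEmulatorCert.cer
    // shipped with the development build only.
    public static HttpClient CreatePinnedClient(string pinnedCerPath)
    {
        byte[] pinned = Fingerprint(new X509Certificate2(File.ReadAllBytes(pinnedCerPath)));

        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
            {
                // Normal validation succeeded: nothing to override.
                if (errors == SslPolicyErrors.None) return true;
                // No certificate presented: always reject.
                if (cert == null) return false;
                // Name mismatch or untrusted chain: accept only the exact
                // emulator certificate, reject every other certificate.
                return Fingerprint(cert).SequenceEqual(pinned);
            }
        };
        return new HttpClient(handler);
    }

    // Usage (assumed arguments): <path to .cer> <emulator URL, e.g. the _explorer page>
    public static void Main(string[] args)
    {
        using (var client = CreatePinnedClient(args[0]))
        {
            var response = client.GetAsync(args[1]).GetAwaiter().GetResult();
            Console.WriteLine((int)response.StatusCode);
        }
    }
}
```

Unlike a callback that returns true unconditionally, this still fails the handshake if anything other than the exported emulator certificate answers on that address.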