Amazon MWS: Calculated signature dose not match provided on translating working PHP solution to c#

Question

I wrote together a working solution for uploading bills to Amazon with examples from internet in PHP and it uploads the invoices (I checked, works fine). In my attempt to rewrite it in C# code, I always get the following answer:

<?xml version="1.0"?>
<ErrorResponse xmlns="http://mws.amazonaws.com/doc/2009-01-01/">
    <Error>
        <Type>Sender</Type>
        <Code>SignatureDoesNotMatch</Code>
        <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
    </Error>
    <RequestID>bc0409f1-881a-468e-9435-4c5b0a7c78b4</RequestID>
</ErrorResponse>

The PHP code as follow:

<?php
    $fileName                        = "Invoice12345656.pdf";
    $file                            = fopen($fileName, "r");
    $pdf_feed                        = '@'. fread($file, filesize($fileName));
    $hash                            = base64_encode(md5($pdf_feed, true));
    $param                           = array();
    $param['AWSAccessKeyId']         = '*******************'; 
    $param['Action']                 = 'SubmitFeed';
    $param['SellerId']               = '********************';
    $param['FeedType']               = '_UPLOAD_VAT_INVOICE_';
    $param['FeedOptions']            = 'metadata:OrderId=123-4567890-2949968;metadata:InvoiceNumber=20173723;metadata:documenttype=Invoice';
    $param['SignatureMethod']        = 'HmacSHA256';
    $param['SignatureVersion']       = '2';
    $param['ContentMD5Value']        = $hash;
    $param['Timestamp']              = gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time());
    $param['Version']                = '2009-01-01';
    $param['MarketplaceIdList.Id.1'] = 'A1PA6795UKMFR9';
    $param['PurgeAndReplace']        = 'false'; 
    $secret                          = '*****************************************';
    $url                             = array();

    foreach ($param as $key => $val) {
        $key    = urlencode($key);
        $val    = urlencode($val);
        $url[]  = "{$key}={$val}";
    }

    fclose($file);
    sort($url);

    $arr            = implode('&', $url);
    $sign           = 'POST' . "\n";
    $sign          .= 'mws.amazonservices.de' . "\n";
    $sign          .= '/Feeds/'.$param['Version'].'' . "\n";
    $sign          .= $arr;
    $signature      = hash_hmac("sha256", $sign, $secret, true);
    $httpHeader     =   array();
    $httpHeader[]   =   'Content-Type: multipart/form-data';
    $httpHeader[]   =   'Content-MD5: ' . $hash;
    $signature      = urlencode(base64_encode($signature));
    $link           = "https://mws.amazonservices.de/Feeds/".$param['Version']."?" . $arr . "&Signature=" . $signature;
    $ch             = curl_init($link);

    curl_setopt($ch, CURLOPT_HTTPHEADER, $httpHeader);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $pdf_feed);
    curl_exec($ch);
    curl_getinfo($ch);
    curl_close($ch);

and this is how my unfortunate attempt looks like in c #:

    public static void Main()
    {
        var httpClient = new HttpClient();
        var requestMessage = new HttpRequestMessage();

        var pdfStream = File.OpenRead("../../Invoice12345656.pdf");
        var pdfMD5Hash = MD5.Create().ComputeHash(pdfStream);
        var pdfMD5HashString = Convert.ToBase64String(pdfMD5Hash);

        var query = new Dictionary<string, string>()
        {
            { "AWSAccessKeyId",         "*******************" },
            { "Action",                 "SubmitFeed" },
            { "SellerId",               "*******************" },
            { "FeedType",               "_UPLOAD_VAT_INVOICE_" },
            { "FeedOptions",            "metadata:DocumentType=Invoice;metadata:InvoiceNumber=20177311;metadata:OrderId=123-4567890-8041110" },
            { "SignatureMethod",        "HmacSHA256" },
            { "SignatureVersion",       "2" },
            { "ContentMD5Value",        pdfMD5HashString },
            { "Timestamp",              DateTime.UtcNow.ToString("yyyy-MM-dd\\THH:mm:ss.000\\Z", CultureInfo.InvariantCulture) },
            { "Version",                "2009-01-01" },
            { "MarketplaceIdList.Id.1", "A1PA6795UKMFR9" },
            { "PurgeAndReplace",        "false" },
        };

        var queryString = string.Join("&", query.Select(x => $"{x.Key}={WebUtility.UrlEncode(x.Value)}"));
        var textToSign = $"POST{Environment.NewLine}mws.amazonservices.de{Environment.NewLine}/Feeds/2009-01-01{Environment.NewLine}{queryString}";
        var textToSignBytes = Encoding.Default.GetBytes(textToSign);
        var hmacSHA256 = new HMACSHA256(Convert.FromBase64String("*******************"));
        var signature = WebUtility.UrlEncode(Convert.ToBase64String(hmacSHA256.ComputeHash(textToSignBytes)));

        var formDataContent = new MultipartFormDataContent();
        formDataContent.Headers.ContentType = new MediaTypeHeaderValue("multipart/form-data");
        formDataContent.Headers.Add("Content-MD5", pdfMD5HashString);
        formDataContent.Add(new StringContent("@" + Convert.ToBase64String(File.ReadAllBytes("../../Invoice12345656.pdf"))));

        requestMessage.RequestUri = new Uri($"https://mws.amazonservices.de/Feeds/2009-01-01?{queryString}&Signature={signature}");
        requestMessage.Method = HttpMethod.Post;
        requestMessage.Content = formDataContent;

        var response = httpClient.SendAsync(requestMessage).Result;

        Console.WriteLine(response.Content.ReadAsStringAsync().Result);
    }

Any ideas why this happens.

Any help is appreciated. Thanks in advance.