FairPlay > SPC > streamingContentKeyRequestData > App Identifier - http-live-streaming

Can someone please clarify what is 'appIdentifier' in below function?
func streamingContentKeyRequestData(forApp appIdentifier: Data, contentIdentifier: Data, options: [String : Any]? = nil) throws -> Data
Is it something bundled within the Apple TV app or do we need to get it from server? Please explain it with example.

appIdentifier should be the certificate used to identify the application provider assigned by Apple.
If you look at the sample application in the sdk, you will see that it downloads the certificate from the server, because presumably it could change if there is an update from Apple.

Related

Session Value not persisted in Azure App Service

Session not persisted in Azure App Service
I have a Web Application in Asp.net MVC, I used to set the session. When I click a LoginButton
Session["FlowType"] : "Auth"
Now the request goes to IdentityServer and during Callback on
I tried to retrieve the session Session["FlowType"] and it gave me null value.
I checked the Azure Affinity Cookie too. It is same, when I checked in fiddler.
Can someone help me with this.
First, make sure the strings is same like 'FlowType'.
Second,you can try to debug your code like below.
Session["FlowType"]="aaa";
string test = Session["FlowType"].ToString();
Check the value of 'test', is null or 'aaa'. If the value of test is correct,maybe you can print Ctrl+Alt+i to open the Immediate Window in Visual Studio. Then you can check when the Session is missing.
The last Step,maybe you can modfiy your web.config to set config about the Session.
I hope the above answers can help you.
Add Pic
How to debug in azure. You also can google it.
step 1: Make sure publish configuration setting. Like pic bellow
step 2: When publish succeed,you can attach debugger
My IDE is vs2019, you can click View-> Cloud Explore ,then you find you sourcegroup and web app.
Like pic, you find it , and click, it will show Attach Debugger, then you
debugger in azure to test.
3. The first debugging will take a long time.

UWP on RPi - Trying to Provision to Azure - How to get X.509 certificate

I'm working with a RPi/UWP program (works well) that is signed with out X.509 certificate.
I have no problems connecting to Azure IoT hub if I manually provision the connection, but as we intend to ship these by the 100s, if not thousands, obviously that won't work.
I've looked at the code examples of using the provisioning service, but all of them are in the emulation.
Looking at the code, you have to load your X.509 certificate
certificateCollection.Import(s_certificateFileName, certificatePassword, X509KeyStorageFlags.UserKeySet);
This is where I get lost - Where on the RPi IS the certificate to load?
Basically, I THINK I understand how to do this in a plain Win10 app, but when you get to UWP on the RPi (a 3B, as the 3B+ is not supported - probably have to switch to Core) . Anyone have some sample code, or can point me in the right direction?
This document provides an overview of the cryptography features available to UWP apps.
You can generate the certificate file and then copy or import it to the device. If you copy the certificate file to device, you need to add capabilities for accessing the file to your UWP app. Please refer to this topic in MSDN forum. Following code can be used to import the pfx certificate into your device and then load it from cert store.
Import:
StorageFolder certificatesFolder = await Windows.ApplicationModel.Package.Current.InstalledLocation.GetFolderAsync("Certificates");
StorageFile certificateFile = await certificatesFolder.GetFileAsync("ClientCertificate .pfx ");
IBuffer certificateBuffer = await FileIO.ReadBufferAsync(certificateFile);
string encodedCertificate = Windows.Security.Cryptography.CryptographicBuffer.EncodeToBase64String(certificateBuffer);
await CertificateEnrollmentManager.ImportPfxDataAsync(encodedCertificate, "password", ExportOption.NotExportable, KeyProtectionLevel.NoConsent, InstallOptions.None, "certificateOne");
Load:
CertificateQuery certQuery = new CertificateQuery();
certQuery.FriendlyName = "certificateOne";
IReadOnlyList<Certificate> certificates = await CertificateStores.FindAllAsync(certQuery);

Azure Web App - Cannot GET (particular path)

I have been trying out the AADv2 sample from BotAuth to no avail.
The error that I keep getting after I select the button on the action card is that either a HTTP 500 internal server error, or Cannot GET /botauth/aadv2. When I check if the root web page or the messaging endpoint is working or not, I get the same error - either Cannot GET / or Cannot GET \api\messages. The root page I have been trying to get to is https://(botname).azurewebsites.net
May I know what steps I can take to resolve this issue? I have tried to Google the error, but to no avail. Please let me know if you need more information!
Since you are test the sample directly on Azure Web Apps, there should be a few of questions we should pay attention on.
1, const MICROSOFT_APP_ID = envx("MICROSOFT_APP_ID");
const MICROSOFT_APP_PASSWORD = envx("MICROSOFT_APP_PASSWORD");
we declare the environment valiable as MicrosoftAppId and MicrosoftAppPassword. Please modify this sentence as
//bot application identity
const MICROSOFT_APP_ID = envx("MicrosoftAppId");
const MICROSOFT_APP_PASSWORD = envx("MicrosoftAppPassword");
2, And you also need to check the environment variables are set correctly in Application settings of Azure Web App, which is shown at https://github.com/MicrosoftDX/botauth/tree/master/Node/examples/aadv2#3-setup-environment-variables
3, You can leverage online code editor to develop, debug, and manage your project on Azure Web Apps.
And in the output column, you can see the detailed errors throwm by the application. You can leverage these info to narrow down your issue.
Tips, after you changing the application settings, it's better to restart your Azure Web App.

Get app service name in azure programmatically

Simple question, hopefully a simple answer :)
How to I get the app service name, displayed as "test-webapp" in the picture below, from code (C#)? (any other identifier of a specific app service also works).
I have multiple app services, running same code. So I want to be able to express
if(appServiceName == "test-webapp")
{
//take a specific value from web.config and run with it
}
You can get it from the WEBSITE_SITE_NAME environment variable.
To get the variable, use something like:
string siteName = System.Environment.GetEnvironmentVariable("WEBSITE_SITE_NAME")
You can see a list of environment variables available here: https://github.com/projectkudu/kudu/wiki/Azure-runtime-environment.

How can I sign a JWT token on an Azure WebJob without getting a CryptographicException?

I have a WebJob that needs to create a JWT token to talk with an external service. The following code works when I run the WebJob on my local machine:
public static string SignES256(byte[] p8Certificate, object header, object payload)
{
var headerString = JsonConvert.SerializeObject(header);
var payloadString = JsonConvert.SerializeObject(payload);
CngKey key = CngKey.Import(p8Certificate, CngKeyBlobFormat.Pkcs8PrivateBlob);
using (ECDsaCng dsa = new ECDsaCng(key))
{
dsa.HashAlgorithm = CngAlgorithm.Sha256;
var unsignedJwtData = Base64UrlEncoder.Encode(Encoding.UTF8.GetBytes(headerString)) + "." + Base64UrlEncoder.Encode(Encoding.UTF8.GetBytes(payloadString));
var signature = dsa.SignData(Encoding.UTF8.GetBytes(unsignedJwtData));
return unsignedJwtData + "." + Base64UrlEncoder.Encode(signature);
}
}
However, when I deploy my WebJob to Azure, I get the following exception:
Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Exception while executing function: NotificationFunctions.QueueOperation ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified. at System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format) at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider)
It says it can't find a specified file, but the parameters I am passing in are not looking at a file location, they are in memory. From what I have gathered, there may be some kind of cryptography setting I need to enable to be able to use the CngKey.Import method, but I can't find any settings in the Azure portal to configure related to this.
I have also tried using JwtSecurityTokenHandler, but it doesn't seem to handle the ES256 hashing algorithm I need to use (even though it is referenced in the JwtAlgorithms class as ECDSA_SHA256).
Any suggestions would be appreciated!
UPDATE
It appears that CngKey.Import may actually be trying to store the certificate somewhere that is not accessible on Azure. I don't need it stored, so if there is a better way to access the certificate in memory or convert it to a different kind of certificate that would be easier to use that would work.
UPDATE 2
This issue might be related to Azure Web Apps IIS setting not loading the user profile as mentioned here. I have enabled this by setting WEBSITE_LOAD_USER_PROFILE = 1 in the Azure portal app settings. I have tried with this update when running the code both via the WebJob and the Web App in Azure but I still receive the same error.
I used a decompiler to take a look under the hood at what the CngKey.Import method was actually doing. It looks like it tries to insert the certificate I am using into the "Microsoft Software Key Storage Provider". I don't actually need this, just need to read the value of the certificate but it doesn't look like that is possible.
Once I realized a certificate is getting inserted into a store somewhere one the machine, I started thinking about how bad of a think that would be from a security standpoint if your Azure Web App was running in a shared environment, like it does for the Free and Shared tiers. Sure enough, my VM was on the Shared tier. Scaling it up to the Basic tier resolved this issue.

Resources