+1  A: 

Here is the full code if anyone if interested:

internal class CloudFrontSecurityProvider
{
    private readonly RSACryptoServiceProvider privateKey;
    private readonly string privateKeyId;
    private readonly SHA1Managed sha1 = new SHA1Managed();

    public CloudFrontSecurityProvider(string privateKeyId, string privateKey)
    {
        this.privateKey = new RSACryptoServiceProvider();
        RSACryptoServiceProvider.UseMachineKeyStore = false;

        this.privateKey.FromXmlString( privateKey );
        this.privateKeyId = privateKeyId;
    }
    private static int GetUnixTime(DateTime time)
    {
        DateTime referenceTime = new DateTime(1970, 1,1);
        return (int) (time - referenceTime).TotalSeconds;

    }

    public string GetCannedUrl(string url, DateTime expiration)
    {

        string expirationEpoch = GetUnixTime( expiration ).ToString();

        string policy =
            @"{""Statement"":[{""Resource"":""<url>"",""Condition"":{""DateLessThan"":{""AWS:EpochTime"":<expiration>}}}]}".
                Replace( "<url>", url ).
                Replace( "<expiration>", expirationEpoch );


        string signature = GetUrlSafeString( Sign( policy ) );

        return url + string.Format("?Expires={0}&Signature={1}&Key-Pair-Id={2}", expirationEpoch, signature, this.privateKeyId);
    }

    private static string GetUrlSafeString(byte[] data)
    {
        return Convert.ToBase64String( data ).Replace( '+', '-' ).Replace( '=', '_' ).Replace( '/', '~' );
    }

    private byte[] Sign(string data)
    {
            byte[] plainbytes = Encoding.UTF8.GetBytes(data);

            byte[] hash = sha1.ComputeHash(plainbytes);

            return this.privateKey.SignHash(hash, "SHA1");
    }

}
Gael Fraiteur  2010-03-30 12:21:48
Be careful with the expiration time that is passed in. It needs to be related to UTC time.
beckelmw  2010-03-30 18:32:47
A: 

I have been working on this as well. Here is the solution I came up with:

http://beckelman.net/post/2010/03/30/Policy-Signing-in-C-for-Streaming-Private-Content-From-Amazon-CloudFront.aspx

beckelmw  2010-03-30 18:33:37

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?