Microsoft Azure within Unity

Hey,

I want to connect Microsoft Azure within my Unity project. Therefore I have some C# scripts and I use AMQP. The scirpts work well, but not within my Unity project. There I get the following error message:

TlsException: Invalid certificate received from server.
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates)
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 ()
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
(wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:.Process ()
Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg)
Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult)
Rethrow as IOException: The authentication or decryption has failed.
Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult)


Does anybody know, how to solve this problem? I'd be very grateful about an answer.

 

Never used Azure before but from the error seems you are missing a certificate...? Or something went wrong with authentication....

 

Hi,

thank you for your reply! authentification works. Okay, I read about missing a cirtificate in some other threads, but I wasn't able to find out, how to handle this...

 

I was under the impression that AMQP is only for IoT communication ("Internet of Things" -- so-called "smart" devices like TVs or refrigerators), not end-user applications. I could be wrong about that, though. But I think the X.509 certificate type for IoT may be different than other Azure cert-based authorization.

In any case, for all Azure dev/test work you can upload a certain number of "self-signed" certificates that you create yourself. Microsoft has a lot of documentation about how to do this. Microsoft has a ton of information online about how to do all of this, but here's an easy one to follow:

https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-certs-create

For production usage, you'll need a certificate from a recognized CA (Certificate Authority). Normally CA-signed certs can be fairly expensive, but apparently this group generates them free of charge. I haven't used them.

http://www.cacert.org/

 

I'm not sure if you're still looking for a solution for this but I've just been playing around with AMQP and Unity. I've created an open source project/library that integrates Unity and AMQP using RabbitMQ's .NET client (although in this case RabbitMQ specifically, not Azure).

https://github.com/CymaticLabs/Unity3D.Amqp

Azure's implementation of AMQP is slightly different than RabbitMQ's and it may not be compatible, but it could be worth a shot. At the very least you can see what I've done, especially as it pertains to SSL. I highlight the many issue surrounding using SSL with AMQP and Unity; as pointed out by @AndyJenkins30 this is mostly related to Unity's fork of Mono and how it handles SSL/TLS certificate validation. I have a bit of a write-up on it in my project here: https://github.com/CymaticLabs/Unity3D.Amqp#ssl-support

Basically you will have to add the certificate separately to Mono's trusted store which is different than Window's built in certificate store. Or if you are just developing and are not worried about verifying the integrity of the server's certificate you can apply your own RemoteCertificateValidationCallback as described in this thread: http://answers.unity3d.com/questions/50013/httpwebrequestgetrequeststream-https-certificate-e.html

In terms of AMQP being only used for IoT: that's not true. In fact AMQP generally predates IoT use cases. Some of its original uses where actually related to financial markets and financial trading. Some financial institutions/banks were tired of vendor lock-in and monopolization with enterprise service bus messaging systems and wanted to help create a new open standard that they could use.

It's just a protocol for creating message bus systems which is a pretty generic technology as far as services/network applications are concerned and allows for the implementation of things like publish/subscribe and work queues. Lots of production internet services use message buses, including AMQP.

You might be thinking of MQTT which was more designed for IoT - it's a much simpler protocol with a much more lightweight implementation that focuses on small code footprint, smaller packet sizes, and battery life. Although just like AMQP people are using it for other applications as well.

 

Azure will accept TLS10 so without forking m2mqtt libs, you can do this:

Code (CSharp):

1. if (options.UseSSL)
2.             {
3.                 _platform = new uPLibrary.Networking.M2Mqtt.MqttClient(_connectionOptions.Host, _connectionOptions.Port, true, null, null, uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_0);
4.  
5.                 //HACK: since we do not want to maintain the m2mqtt lib ourselves, we just have to inject our own cert callback
6.                 if(options.AcceptInvalidServerCertificate)
7.                 {
8.                     MethodInfo mi = _platform.GetType().GetMethod("Init",BindingFlags.NonPublic | BindingFlags.Instance);
9.                     RemoteCertificateValidationCallback certValidationCallback = new RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors) => { return true; });
10.                     mi.Invoke(_platform, new object[] { _connectionOptions.Host, _connectionOptions.Port, true, null, null, uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_0, certValidationCallback, null });
11.                 }
12.             }

 

Hello Buddy,

I ran into a similar problem: A unity application I'm working on calls some .net logic in a dll file. That dll makes a .Net HttpWebRequest, which would run fine from visual stuido but get an error message similar to the one above - the request somehow being blocked by the security policy.

The problem, when caused by a .net web request, yielded very few hits on google (if you don't read Korean, that is) so I thought I'd post my solution. There were plenty of hits on the problem caused by running in webplayer, and my solution is mostly a boil-down and combination of those.

Problem was solved by putting a crossdomain.xml file in the root of the unity project. The crossdomain.xml must be utf-8 encoded according to this (also has an example of a crossdomain.xml): http://answers.unity3d.com/questions/23006/crossdomainxml-policy-file.html | Microsoft Azure

For my problem, the crossdomain.xml also had to specify "to-ports" - i.e.

1. <allow-access-from domain="*" to-ports="1200-1220"/>

For more info, check out : https://forum.unity.com/

I hope this will helps you

Thanks
Sarahjohn