Blazor WASM .NET 5 RC2 and Azure Cosmos DB - System.Security.Cryptography.Algorithms is not supported on this platform

[dotnetspark]

Bug

I have a vanilla Blazor WASM (standalone) application reading a container from Azure Cosmos DB. Before upgrading to .NET 5 RC1 it was working fine. This is the same application I had issues with in #26043. After upgrading packages to RC2 I still get exceptions (see image below) in the Developer Console.

Program.cs

public class Program
{
	public static async Task Main(string[] args)
	{
		var builder = WebAssemblyHostBuilder.CreateDefault(args);
		builder.RootComponents.Add<App>("app");

		builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
		builder.Services.AddHttpClient();
		builder.Services.AddSingleton<CosmosClient>(serviceProvider =>
		{
			IHttpClientFactory httpClientFactory = serviceProvider.GetRequiredService<IHttpClientFactory>();

			CosmosClientOptions cosmosClientOptions = new CosmosClientOptions
			{
				HttpClientFactory = httpClientFactory.CreateClient,
				ConnectionMode = ConnectionMode.Gateway
			};

			return new CosmosClient("<endpoint-connectionString>", cosmosClientOptions);
		});

		await builder.Build().RunAsync();
	}
}

Packages

    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="5.0.0-rtm.20479.13" />
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="5.0.0-rtm.20479.13" PrivateAssets="all" />
    <PackageReference Include="Microsoft.Azure.Cosmos" Version="3.13.0" />
    <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0-alpha.1.20420.3" />
    <PackageReference Include="System.Net.Http.Json" Version="6.0.0-alpha.1.20420.3" />

Exceptions

[campersau]

Similar to dotnet/runtime#42384, #26123 but for a different type.

Some types were brought back in rc2 (dotnet/runtime#40076) but I don't think HMACSHA256 was one of them.

https://github.com/dotnet/runtime/blob/b1ca1f4eb040e42045718e265775f79eea982d32/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/HMACSHA256.cs#L17-L18

Reference Azure/azure-cosmos-dotnet-v3#1865

[javiercn]

@ylr-research thanks for contacting us.

As described by @campersau this is a known limitation in 5.0.

[HaoK]

We believe things are better in RC2, @lewing can you confirm?

[lewing]

SHA256 hashes are in net5.0 but not HMACSHA256 so this will still fail.

[dotnetspark]

@HaoK I have installed the RC2 (see image) and the must current packages, and this still fails.

    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="5.0.0-rtm.20502.9" />
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="5.0.0-rtm.20502.9" PrivateAssets="all" />
    <PackageReference Include="Microsoft.Azure.Cosmos" Version="3.13.0" />
    <PackageReference Include="Microsoft.Extensions.Http" Version="6.0.0-alpha.1.20420.3" />
    <PackageReference Include="Microsoft.Extensions.Localization" Version="5.0.0-rtm.20502.9" />
    <PackageReference Include="System.Net.Http.Json" Version="6.0.0-alpha.1.20420.3" />

@lewing, in my code I don't specify which encryption method should be use. Thus, I'd say is defaulted in the AzureCosmos SDK.

[dotnetspark]

as a matter of fact, here it is where AzureCosmos SDK is defaulting the encryption method.

        public GatewayAccountReader(Uri serviceEndpoint,
                IComputeHash stringHMACSHA256Helper,
                bool hasResourceToken,
                string resourceToken,
                ConnectionPolicy connectionPolicy,
                CosmosHttpClient httpClient)
        {
            this.httpClient = httpClient;
            this.serviceEndpoint = serviceEndpoint;
            this.authKeyHashFunction = stringHMACSHA256Helper;
            this.hasAuthKeyResourceToken = hasResourceToken;
            this.authKeyResourceToken = resourceToken;
            this.connectionPolicy = connectionPolicy;
        }

@ealsur do I have a way to set the encryption method?

[ealsur]

The code uses byte[] hashPayLoad = stringHMACSHA256Helper.ComputeHash(payload.Buffer); which seems to have this implementation: https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos/src/Authorization/SecureStringHMACSHA256Helper.cs#L20

Currently I don't see anything in the public contract of the SDK to inject your implementation, I'm guessing that the hash is part of the contract of the service, right @j82w?

[lewing]

@ealsur I suspect the correct link is https://github.com/Azure/azure-cosmos-dotnet-v3/blob/master/Microsoft.Azure.Cosmos/src/Authorization/StringHMACSHA256Hash.cs

[j82w]

@lewing SecureString isn't recommended for new development.

[lewing]

right, I was just trying to point out the correct file. I've edited the comment for clarity.

[mkArtakMSFT]

Folks are claiming above that this wasn't resolved in RC2. @lewing can you please share a summary of what's the current state of this? Is there pending work here?

[lewing]

This will not be fixed in .NET 5.0 see the discussion here Azure/azure-cosmos-dotnet-v3#1865 (comment)

We plan to fix this in .NET 6.0

[mkArtakMSFT]

Thanks @lewing.
Closing this as there is nothing we can do here. @ylr-research please use the referenced issue to track progress.