Azure web app iOS notifications are not working.

[madhavanadkat]

When we publish this code on Azure - we are getting below error.

We have talked, azure technical support and they are saying -> your code is trying to write something to server area and that is not possible in azure.

this code is generating error on azure server.
var apns = ApnsClient.CreateUsingJwt(new HttpClient(new WinHttpHandler()), options);

can you help with this, any help is much appreciated.

System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format)
at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)
at dotAPNS.ApnsClient.CreateUsingJwt(HttpClient http, ApnsJwtOptions options)
at FileReadDemo.Helper.PushNotification.d__1.MoveNext()

[alexalok]

Please try this workaround.

[mohitdangar]

Add Key into App settings but it doesn't work for me.

Is there any other solution

[madhavanadkat]

hey alex, thanks for reply but its not working still.

[alexalok]

@mohitdangar, if your problem is not related to the one described in the first message, please file a separate issue. Make sure to provide a full stacktrace of the exception.

@madhavanadkat, can you please provide a full stacktrace, including the exception message?

[madhavanadkat]

System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format)
at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)
at dotAPNS.ApnsClient.CreateUsingJwt(HttpClient http, ApnsJwtOptions options)
at FileReadDemo.Helper.PushNotification.d__1.MoveNext()

this is the exception and we got from cloud remote debugging.

[madhavanadkat]

alex, we both are in same team, just to avoid confusion.

[alexalok]

alex, we both are in same team, just to avoid confusion.

Oh, sorry, my bad :)

this is the exception and we got from cloud remote debugging.

So there is no exception message shown in the remote debugging? Like in an example below (notice there's a message in the very first line):

System.Exception: This is the exception message.
   at <Program>$.<Main>$(String[] args) in C:\sources\TestyTest\TestyTestConsole\Program.cs:line 8

[mohitdangar]

Exception Message: The system cannot find the file specified.

and its raise from below line
var apns = ApnsClient.CreateUsingJwt(new HttpClient(new WinHttpHandler()), options);

[alexalok]

@mohitdangar, thanks!

Please take a look at this question. Looks like one just cannot use CngKey.Import on Azure when running on a Free/Shared tier. Unfortunately, dotAPNS uses this call during a JWT generation.

There are 2 immediate workarounds for this:

1. Move to a Basic tier.
2. Use a certificate authentication instead of a JWT-based one.

I will try to drop the CngKey.Import usage if I have time next week but unfortunately I cannot promise you I will be able to. I'm not experienced enough in cryptographic features of the .NET ecosystem. Yet I will try my best!

[madhavanadkat]

thanks @alexalok it will be a great help .. thanks for the quick update.

[madhavanadkat]

@alexalok - for now we have converted our Azure plan from shared to basic B plan and notifications are working.

2 things we needs to do, 1st we need to convert azure plan to basic b1 and alos WEBSITE_LOAD_USER_PROFILE = 1 this key in azure app setting.

notifications are working .. for other to help I am updating here.

[alexalok]

Perfect, thanks for sharing!

[alexalok]

Going to close the issue since it seems the proposed workaround did work. Feel free to reopen should you have any more difficulties.

[mohitdangar]

@alexalok We faced one issue on notification. while we sending more than one notification continues on same device token then it will return the error "TooManyProviderTokenUpdates".

Can you help me on this ?

[alexalok]

You should make sure the ApnsClient instance you create persists between calls to SendAsync(). If you create multiple ApnsClient instances they each generate their own JWT. APNs docs state that

APNs reports an error if you recreate your tokens more than once every 20 minutes.

So in a nutshell, if you're recreating ApnsClient more often then once per 20 minutes you may eventually hit the TooManyProviderTokenUpdates error.

[madhavanadkat]

@alexalok thanks for the quick reply, we did the research from our side also and you are right we are generating new token on every request, now we will make the code until 1 hr or less than 1 hr new token will not be generate.

will keep you updated over here so, it will be on google for others help as well.

[penguinawesome]

@mohitdangar what kind of error are you encountering with "The system cannot find the file specified" ?

Is it like this:

Exception Type:
NetworkInformationException

Message:
The system cannot find the file specified

Stack Trace:
at System.Net.NetworkInformation.SystemIPGlobalProperties.GetFixedInfo()
at System.Net.NetworkInformation.SystemIPGlobalProperties.get_FixedInfo()
at System.Net.NetworkInformation.SystemIPGlobalProperties.get_DomainName()
at System.Net.CookieContainer..ctor()
at System.Net.Http.HttpClientHandler..ctor()

??

[Shahaji-Mograsys]

@mohitdangar, thanks!

Please take a look at this question. Looks like one just cannot use CngKey.Import on Azure when running on a Free/Shared tier. Unfortunately, dotAPNS uses this call during a JWT generation.

There are 2 immediate workarounds for this:

1. Move to a Basic tier.
2. Use a certificate authentication instead of a JWT-based one.

I will try to drop the CngKey.Import usage if I have time next week but unfortunately I cannot promise you I will be able to. I'm not experienced enough in cryptographic features of the .NET ecosystem. Yet I will try my best!

@alexalok but , Certificate-based connection is not supported on all .NET Framework versions and on .NET Core 2.x or lower

[carlcartagena]

https://stackoverflow.com/a/68913031/9372032
Setting WEBSITE_LOAD_USER_PROFILE to equal 1 in the Azure App Service Configuration Strings works.

[j3rm]

Just curious, if ApnsClient and the token should be persisted to avoid APNS throwing the "TooManyProviderTokenUpdates" error, how does one save the bearer toke and provide it to new instances? I do not see any methods to view the bearer token. I have multiple apps, and servers in different geo regions behind load balanced ( web farms). Based on what I am reading, we need to create the apnsClient, then get the bearertoken, store it somewhere so that all servers can get access to, then every 1 hour renew the token, and update all servers. I don't see a way to provide the bearer token to new instances of apnsClient so they do not call APNS and try to create another bearer token. Have I miss understood something? Thanks for any clarity you can provide.