I am using Azure API Management with delegation, and I can successfully validate the signature for all operations except ChangeProfile.
I am following this documentation: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-setup-delegation
However, for the ChangeProfile operation, the signature calculation always produces a different value.
Below is the code that generates the signature:
```csharp
// Requires: using System.Security.Cryptography; using System.Text;
public async Task OnGetAsync(
    string userId,
    string operation,
    string returnUrl,
    string salt,
    string sig
) {
    const string signUpOperationId = "SignUp";
    const string signInOperationId = "SignIn";
    const string signOutOperationId = "SignOut";
    const string changePasswordOperationId = "ChangePassword";
    const string changeProfileOperationId = "ChangeProfile";
    const string closeAccountOperationId = "CloseAccount";

    // Stays null when the operation is not one of the cases below.
    string signature = null;

    using (var encoder = new HMACSHA512(Convert.FromBase64String("azure-apim-validation-key-here"))) {
        switch (operation) {
            // Sign-in and sign-up are signed over salt and returnUrl.
            case signInOperationId:
            case signUpOperationId:
                signature = Convert.ToBase64String(
                    encoder.ComputeHash(Encoding.UTF8.GetBytes($"{salt}\n{returnUrl}")));
                break;
            // Account-management operations are signed over salt and userId.
            case signOutOperationId:
            case changePasswordOperationId:
            case closeAccountOperationId:
            case changeProfileOperationId:
                signature = Convert.ToBase64String(
                    encoder.ComputeHash(Encoding.UTF8.GetBytes($"{salt}\n{userId}")));
                break;
        }
    }

    // An unrecognized operation leaves signature null; treat that as invalid too.
    if (signature == null || sig != signature) {
        // invalid signature
    }
    // rest of the code
}
```
The signature for all other operations always matches the sig query parameter, but the ChangeProfile operation consistently fails validation.
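A hardened form of the check in the post, as an added example (not the poster's code or Microsoft's): it keeps the post's string-to-sign for each operation, so it does not change the ChangeProfile result, but it rejects unknown operations and malformed `sig` values and compares the MAC bytes in constant time. `DelegationSignature`, `IsValid` and the sample key, salt and user id are hypothetical names and constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not code from the post or from Microsoft.
static class DelegationSignature
{
    // String-to-sign per operation, exactly as in the post's switch.
    static string StringToSign(string op, string salt, string returnUrl, string userId) =>
        op switch
        {
            "SignIn" or "SignUp" => $"{salt}\n{returnUrl}",
            "SignOut" or "ChangePassword" or "ChangeProfile" or "CloseAccount"
                => $"{salt}\n{userId}",
            _ => null // unknown operation: nothing to verify against
        };

    public static bool IsValid(byte[] key, string op, string salt,
                               string returnUrl, string userId, string sig)
    {
        string data = StringToSign(op, salt, returnUrl, userId);
        if (data == null || string.IsNullOrEmpty(sig)) return false; // fail closed

        byte[] received;
        try { received = Convert.FromBase64String(sig); }
        catch (FormatException) { return false; } // malformed sig is a rejection

        using var hmac = new HMACSHA512(key);
        byte[] expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
        // Compare raw MAC bytes in constant time instead of comparing strings.
        return CryptographicOperations.FixedTimeEquals(expected, received);
    }

    static void Main()
    {
        // Constructed sample values, not a real validation key or request.
        byte[] key = Encoding.UTF8.GetBytes("constructed-sample-key");
        string salt = "constructed-salt", userId = "sample-user-1";
        using var h = new HMACSHA512(key);
        string sig = Convert.ToBase64String(
            h.ComputeHash(Encoding.UTF8.GetBytes($"{salt}\n{userId}")));

        Console.WriteLine(IsValid(key, "CloseAccount", salt, null, userId, sig));
        Console.WriteLine(IsValid(key, "CloseAccount", salt, null, "other-user", sig));
        Console.WriteLine(IsValid(key, "Unknown", salt, null, userId, null));
    }
}
```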