post-thumb

How to implement Singed Cookies in Unity with CloudFront?

There are many ways to protect your contents on CloudFront. However, it’s quite hard to find a full example to implement Singed Cookies in Unity with CloudFront.

In this post, we will show

  • how to embed signed cookies in the HTTP request header with Best Http/2 using Unity and
  • download resource files from CloudFront.

What is Best Http/2?

Feature:

  1. Support HTTP/2
  2. Support multiple platforms
    • WebGL
    • OS, Android
    • UWP, Windows, Mac OS X, Linux

Download:

Analysis:

This plugin can save your time to optimize the HTTP library in HTTP/1/2 for multiple platforms. If you choose an open-source solution, you need to spend a lot of effort to tweak and make it work on mobiles.

Before we get started, you need to set up Signed Cookie for CloudFront properly on AWS.


  • You need to create key pair on CloudFront
  • Setup public key ID on CloudFront and create S3 Bucket with OAI
  • Copy private key to your server

  1. Download sample code
git clone https://github.com/gcoolmaneric/create-signed-cookie.git

You can integrate these codes to implement and return a signed cookie for the client on the server side.

  1. vim create_sign_cookie.go
  2. Setup key ID, private key, CloudFront Resource URL below.
// Key Id your created on CloudFront
keyID := "XXXXXXXXX"    

// CloudFront private key                                                 
privKeyPath := "./private_key.pem"   

// CloudFront Resouce URL                                                                   
url := "https://xxxxxxxx.cloudfront.net/512MB.zip"

  1. To create a signed cookie, then run
go run create_signed_cookie.go

You will get cloud policy, cloud signature, and cloudKeyPair Id in the console log.

  1. Copy cloud policy, cloud signature, and cloudKeyPair for the next step

Next, we start to implement the client-side with Unity.


Step::

  • Download sample code
git clone https://github.com/gcoolmaneric/unity-http2-signed-cookie.git

  • import plugin Best Http/2 into your project

  • modify serverResourceUrl, cloudPolicy, cloudSignature, cloudKeyPairId at MyHttpApp.cs

    // Replace serverResourceUrl with yours
string serverResourceUrl = "https://xxxxxx.cloudfront.net/512MB.zip";

// Update cloudPolicy, cloudSignature, cloudKeyPairId from previous step
string cloudPolicy = "";
string cloudSignature = "";
string cloudKeyPairId = "";

  • Open the sample scene

  • build an app and deploy it to the device to test

Run : go run create_sign_cookie.go to get cloudPolicy, cloudSignature, and cloudKeyPairId on the server. Remember you need to setup CloudFront and S3 properly beforehand.


Best Http/2 in S3 and CloudFront

To compare the performance and validate Best Http/2, we downloaded resource files from S3 or CloudFront by the following settings.

  • Resouce Source: S3 or CludFront + S3
  • Resouce Size: 512 MB
  • Deivce: iPhone7
  • Http Libarary: Best Http/2

We found the performance of CloudFront is much faster than S3. Because S3 uses Http/1 while CloudFront uses Http/2.

Furthermore, Best Http/2 can achieve the download time at around 46 sec for 512 MB of resource file on iPhone7 without memory leak or crash.


Summary

In this post, you learn how to create signed cookie Sample Code on the service side in Go and how to embed a signed cookie on the client-side with Best Http/2.

To ensure performance and security, setting up a signed cookie for CloudFront and S3 should be a good option to protect your private content.

Best Http/2 functions very well on the device in terms of availability and performance.

It can make your project become more productive without worrying about technical challenging to optimize the downloading time of game resource files.

You can spend more time on creating funny games but not on optimization in HTTP protocol.

You might be interested in

How to reverse engineer C# and Unity3D Games?