Amazon have some examples of signing their REST calls with HMAC. However using the following code in a Metro / WinRT app the signatures don't match up.

Method to calculate the HMAC:

internal string CreateHMAC(
        string message,
        string algorithmName,
        string key)
    {
        MacAlgorithmProvider macAlgorithmProvider = MacAlgorithmProvider.OpenAlgorithm(algorithmName);
        var binaryMessage = CryptographicBuffer.ConvertStringToBinary(message, BinaryStringEncoding.Utf8);
        var binaryKeyMaterial = CryptographicBuffer.ConvertStringToBinary(key, BinaryStringEncoding.Utf8);
        var hmacKey = macAlgorithmProvider.CreateKey(binaryKeyMaterial);
        var binarySignedMessage = CryptographicEngine.Sign(hmacKey, binaryMessage);
        var signedMessage = CryptographicBuffer.EncodeToBase64String(binarySignedMessage);
        return signedMessage;
    }

Test to check example:

var hmac = this.Amazon.CreateHMAC("GET\nwebservices.amazon.com\n/onca/xml\nAWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06", "HMAC_SHA256", "1234567890");
var encoded = WebUtility.UrlEncode(hmac);
Assert.AreEqual("Nace%2BU3Az4OhN7tISqgs1vdLBHBEijWcBeCqL5xN9xg%3D", encoded);

And the actual result is:

M%2fy0%2bEAFFGaUAp4bWv%2fWEuXYah99pVsxvqtAuC8YN7I%3d

Has any one else successfully created an HMAC on WinRT? Or can you see what I'm doing wrong?

The Amazon Documentation is incorrect/out of date - use ecs.amazonaws.com instead of webservices.amazon.com

So sign this:

GET\necs.amazonaws.com\n/onca/xml\nAWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06

Sorry this is a really quick reply!

The key in amazon is a Base64 string, so you need to convert this string to IBuffer object, but starting from already binary content exposed as Base 64 string. You are converting a normal string to binary wich is not the case. try this

var algorithmProvider = MacAlgorithmProvider.OpenAlgorithm(algorithmName);

var binaryKeyMaterial = CryptographicBuffer.DecodeFromBase64String(key);
var hmacKey = algorithmProvider.CreateKey(binaryKeyMaterial );

In this blog article I've wrote about how to create the signature from WinRT is in spanish but code is universal and you can translate it via bing translator or some others.