protected virtual IOss GetSecurityTokenClient(AliyunBlobProviderConfiguration configuration)
{
Check.NotNullOrWhiteSpace(configuration.RoleArn, nameof(configuration.RoleArn));
Check.NotNullOrWhiteSpace(configuration.RoleSessionName, nameof(configuration.RoleSessionName));
var cacheItem = Cache.Get(configuration.TemporaryCredentialsCacheKey);
if (cacheItem == null)
{
IClientProfile profile = DefaultProfile.GetProfile(
configuration.RegionId,
configuration.AccessKeyId,
configuration.AccessKeySecret);
DefaultAcsClient client = new DefaultAcsClient(profile);
AssumeRoleRequest request = new AssumeRoleRequest
{
AcceptFormat = FormatType.JSON,
//eg:acs:ram::$accountID:role/$roleName
RoleArn = configuration.RoleArn,
RoleSessionName = configuration.RoleSessionName,
//Set the validity period of the temporary access credential, the unit is s, the minimum is 900, and the maximum is 3600. default 3600
DurationSeconds = configuration.DurationSeconds,
//Set additional permission policy of Token; when acquiring Token, further reduce the permission of Token by setting an additional permission policy
Policy = configuration.Policy.IsNullOrEmpty() ? null : configuration.Policy,
};
var response = client.GetAcsResponse(request);
cacheItem = SetTemporaryCredentialsCache(configuration, response.Credentials);
}
return(new OssClient(
configuration.Endpoint,
StringEncryptionService.Decrypt(cacheItem.AccessKeyId),
StringEncryptionService.Decrypt(cacheItem.AccessKeySecret),
StringEncryptionService.Decrypt(cacheItem.SecurityToken)));
}
public virtual IOss Create(AliyunBlobProviderConfiguration configuration)
{
Check.NotNullOrWhiteSpace(configuration.AccessKeyId, nameof(configuration.AccessKeyId));
Check.NotNullOrWhiteSpace(configuration.AccessKeySecret, nameof(configuration.AccessKeySecret));
Check.NotNullOrWhiteSpace(configuration.Endpoint, nameof(configuration.Endpoint));
if (configuration.UseSecurityTokenService)
{
//STS temporary authorization to access OSS
return(GetSecurityTokenClient(configuration));
}
//Sub-account
return(new OssClient(configuration.Endpoint, configuration.AccessKeyId, configuration.AccessKeySecret));
}
private AliyunTemporaryCredentialsCacheItem SetTemporaryCredentialsCache(
AliyunBlobProviderConfiguration configuration,
AssumeRole_Credentials credentials)
{
var temporaryCredentialsCache = new AliyunTemporaryCredentialsCacheItem(
StringEncryptionService.Encrypt(credentials.AccessKeyId),
StringEncryptionService.Encrypt(credentials.AccessKeySecret),
StringEncryptionService.Encrypt(credentials.SecurityToken));
Cache.Set(configuration.TemporaryCredentialsCacheKey, temporaryCredentialsCache,
new DistributedCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(configuration.DurationSeconds - 10)
});
return(temporaryCredentialsCache);
}
public override void ConfigureServices(ServiceConfigurationContext context)
{
context.Services.ReplaceConfiguration(ConfigurationHelper.BuildConfiguration(builderAction: builder =>
{
builder.AddUserSecrets(UserSecretsId);
}));
var configuration = context.Services.GetConfiguration();
var accessKeyId = configuration["Aliyun:AccessKeyId"];
var accessKeySecret = configuration["Aliyun:AccessKeySecret"];
var endpoint = configuration["Aliyun:Endpoint"];
var regionId = configuration["Aliyun:RegionId"];
var roleArn = configuration["Aliyun:RoleArn"];
Configure <AbpBlobStoringOptions>(options =>
{
options.Containers.ConfigureAll((containerName, containerConfiguration) =>
{
containerConfiguration.UseAliyun(aliyun =>
{
aliyun.AccessKeyId = accessKeyId;
aliyun.AccessKeySecret = accessKeySecret;
aliyun.Endpoint = endpoint;
//STS
aliyun.UseSecurityTokenService = true;
aliyun.RegionId = regionId;
aliyun.RoleArn = roleArn;
aliyun.RoleSessionName = Guid.NewGuid().ToString("N");
aliyun.DurationSeconds = 900;
aliyun.Policy = String.Empty;
//Other
aliyun.CreateContainerIfNotExists = true;
aliyun.ContainerName = _randomContainerName;
aliyun.TemporaryCredentialsCacheKey = "297A96094D7048DBB2C28C3FDB20839A";
_configuration = aliyun;
});
});
});
}
protected virtual IOss GetOssClient(AliyunBlobProviderConfiguration aliyunConfig)
{
return(OssClientFactory.Create(aliyunConfig));
}
