private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
CredentialsRefreshState state;
var configuredRegion = !string.IsNullOrEmpty(ProfileData.Region) ? ProfileData.Region : AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion)
? DefaultSTSClientRegion
: RegionEndpoint.GetBySystemName(configuredRegion);
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME,
ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (_proxySettings != null)
{
stsConfig.SetWebProxy(_proxySettings);
}
coreSTSClient
= ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(ServiceClientHelpers.STS_ASSEMBLY_NAME,
ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
new AnonymousAWSCredentials(),
stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
try
{
var credentials
= coreSTSClient.CredentialsFromSAMLAuthentication(ProfileData.EndpointSettings.Endpoint.ToString(),
ProfileData.EndpointSettings.AuthenticationType,
ProfileData.RoleArn,
credentialDuration,
userCredential);
ProfileData.PersistSession(credentials);
state = new CredentialsRefreshState(credentials, credentials.Expires);
}
catch (Exception e)
{
var wrappedException = new AmazonClientException("Credential generation from SAML authentication failed.", e);
var logger = Logger.GetLogger(typeof(StoredProfileFederatedCredentials));
logger.Error(wrappedException, wrappedException.Message);
throw wrappedException;
}
return(state);
}
protected override CredentialsRefreshState GenerateNewCredentials()
{
var configuredRegion = AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion) ? DefaultSTSClientRegion : RegionEndpoint.GetBySystemName(configuredRegion);
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (Options != null && Options.ProxySettings != null)
{
stsConfig.SetWebProxy(Options.ProxySettings);
}
coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME, SourceCredentials, stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use Amazon.Runtime.AssumeRoleAWSCredentials.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
var exception = new InvalidOperationException(msg, e);
Logger.GetLogger(typeof(AssumeRoleAWSCredentials)).Error(exception, exception.Message);
throw exception;
}
var credentials = coreSTSClient.CredentialsFromAssumeRoleAuthentication(RoleArn, RoleSessionName, Options);
_logger.InfoFormat("New credentials created for assume role that expire at {0}", credentials.Expiration.ToString("yyyy-MM-ddTHH:mm:ss.fffffffK", CultureInfo.InvariantCulture));
return(new CredentialsRefreshState(credentials, credentials.Expiration));
}
private CredentialsRefreshState Authenticate(ICredentials userCredential)
{
CredentialsRefreshState state;
var region = Options.STSRegion;
if (region == null && !string.IsNullOrEmpty(AWSConfigs.AWSRegion))
{
region = RegionEndpoint.GetBySystemName(AWSConfigs.AWSRegion);
}
else
{
region = DefaultSTSClientRegion;
}
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (Options.ProxySettings != null)
{
stsConfig.SetWebProxy(Options.ProxySettings);
}
coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
new AnonymousAWSCredentials(), stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
var samlCoreSTSClient
#if NETSTANDARD
= coreSTSClient as ICoreAmazonSTS_SAML;
if (coreSTSClient == null)
{
throw new NotImplementedException("The currently loaded version of AWSSDK.SecurityToken doesn't support SAML authentication.");
}
private CredentialsRefreshState Authenticate(ICredentials userCredential)
{
CredentialsRefreshState state;
var region = Options.STSRegion;
if (region == null && !string.IsNullOrEmpty(AWSConfigs.AWSRegion))
{
region = RegionEndpoint.GetBySystemName(AWSConfigs.AWSRegion);
}
else
{
region = DefaultSTSClientRegion;
}
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (Options.ProxySettings != null)
{
stsConfig.SetWebProxy(Options.ProxySettings);
}
coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
new AnonymousAWSCredentials(), stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
try
{
var credentials = coreSTSClient.CredentialsFromSAMLAuthentication(SAMLEndpoint.EndpointUri.ToString(),
SAMLEndpoint.AuthenticationType.ToString(), RoleArn, MaximumCredentialTimespan, userCredential);
RegisterRoleSession(credentials);
state = new CredentialsRefreshState(credentials, credentials.Expires);
}
catch (Exception e)
{
var wrappedException = new AmazonClientException("Credential generation from SAML authentication failed.", e);
var logger = Logger.GetLogger(typeof(FederatedAWSCredentials));
logger.Error(wrappedException, wrappedException.Message);
throw wrappedException;
}
return(state);
}
