protected virtual async Task <SessionAWSCredentials> GetTemporaryFederatedCredentialsAsync( AwsBlobProviderConfiguration configuration) { Check.NotNullOrWhiteSpace(configuration.Name, nameof(configuration.Name)); Check.NotNullOrWhiteSpace(configuration.Policy, nameof(configuration.Policy)); var temporaryCredentialsCache = await Cache.GetAsync(configuration.TemporaryCredentialsCacheKey); if (temporaryCredentialsCache == null) { AmazonSecurityTokenServiceClient stsClient; if (!configuration.AccessKeyId.IsNullOrEmpty() && !configuration.SecretAccessKey.IsNullOrEmpty()) { stsClient = new AmazonSecurityTokenServiceClient(configuration.AccessKeyId, configuration.SecretAccessKey); } else { var awsCredentials = GetAwsCredentials(configuration); stsClient = awsCredentials == null ? new AmazonSecurityTokenServiceClient() : new AmazonSecurityTokenServiceClient(awsCredentials); } using (stsClient) { var federationTokenRequest = new GetFederationTokenRequest { DurationSeconds = configuration.DurationSeconds, Name = configuration.Name, Policy = configuration.Policy }; var federationTokenResponse = await stsClient.GetFederationTokenAsync(federationTokenRequest); var credentials = federationTokenResponse.Credentials; temporaryCredentialsCache = await SetTemporaryCredentialsCache(configuration, credentials); } } var sessionCredentials = new SessionAWSCredentials( StringEncryptionService.Decrypt(temporaryCredentialsCache.AccessKeyId), StringEncryptionService.Decrypt(temporaryCredentialsCache.SecretAccessKey), StringEncryptionService.Decrypt(temporaryCredentialsCache.SessionToken)); return(sessionCredentials); }
internal GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request) { var task = GetFederationTokenAsync(request); try { return(task.Result); } catch (AggregateException e) { ExceptionDispatchInfo.Capture(e.InnerException).Throw(); return(null); } }
public void TestGetFederationTokenAsync() { var gftRequest = new GetFederationTokenRequest { Policy = @"{""Statement"":[{""Effect"":""Allow"",""Action"":""*"",""Resource"":""*""}]}", Name = "BillyBob", DurationSeconds = 3600 }; GetFederationTokenResponse asyncResponse = null; #if ASYNC_AWAIT var task = Client.GetFederationTokenAsync(gftRequest); asyncResponse = task.Result; #else var asyncResult = Client.BeginGetFederationToken(gftRequest, ar => { var client = ar.AsyncState as AmazonSecurityTokenServiceClient; asyncResponse = client.EndGetFederationToken(ar); } , Client); asyncResult.AsyncWaitHandle.WaitOne(); #endif Thread.Sleep(TimeSpan.FromSeconds(5)); Assert.IsNotNull(asyncResponse); var gftResult = asyncResponse; Assert.IsNotNull(gftResult); Assert.IsNotNull(gftResult.Credentials.AccessKeyId); Assert.IsNotNull(gftResult.Credentials.SecretAccessKey); Assert.IsNotNull(gftResult.Credentials.SessionToken); Assert.IsNotNull(gftResult.Credentials.Expiration); var time = DateTime.Now; var approximateExpires = time.AddHours(1); var expiresAfter = approximateExpires.AddMinutes(-5); var expiresBefore = approximateExpires.AddMinutes(5); var expires = gftResult.Credentials.Expiration; Assert.IsTrue(expires > expiresAfter); Assert.IsTrue(expires < expiresBefore); Assert.IsNotNull(gftResult.FederatedUser.FederatedUserId); Assert.IsNotNull(gftResult.FederatedUser.Arn); Assert.IsTrue(gftResult.FederatedUser.FederatedUserId.EndsWith(gftRequest.Name, StringComparison.OrdinalIgnoreCase)); Assert.IsTrue(gftResult.FederatedUser.Arn.EndsWith(gftRequest.Name, StringComparison.OrdinalIgnoreCase)); }
public static TemporaryAWSCredentials GetSecurityToken(string userName) { TemporaryAWSCredentials temporaryCreds = new TemporaryAWSCredentials(); Credentials sessionCredentials; // Create a client using the credentials from the Web.config file AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig(); AmazonSecurityTokenServiceClient client = new AmazonSecurityTokenServiceClient( GetAccesskey(), GetSecretkey(), config); // Build the aws username string awsUsername = BuildAWSUsername(userName); // Map policy based on whether this is an internal or external user. string policy = BuildAWSPolicy(UserType.Internal); // Store the attributes and request a new // Federated session(temporary security creds) GetFederationTokenRequest request = new GetFederationTokenRequest { DurationSeconds = 3600 * SESSION_DURATION, Name = awsUsername, Policy = policy }; GetFederationTokenResponse startSessionResponse = null; startSessionResponse = client.GetFederationToken(request); // Check the result returned i.e. Valid security credentials or null? if (startSessionResponse != null) { GetFederationTokenResult startSessionResult = startSessionResponse.GetFederationTokenResult; sessionCredentials = startSessionResult.Credentials; // Store all the returned keys and token to TemporarySecurityCreds object. temporaryCreds.User = userName; temporaryCreds.AccessKeyId = sessionCredentials.AccessKeyId; temporaryCreds.SecretAccessKey = sessionCredentials.SecretAccessKey; temporaryCreds.Expiration = sessionCredentials.Expiration; temporaryCreds.Token = sessionCredentials.SessionToken; return(temporaryCreds); } else { throw new Exception("Error in retrieving AWS temporary security creds,recieved NULL"); } }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService"/> /// </summary> /// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes</param> /// <returns>void</returns> public void GetFederationTokenAsync(GetFederationTokenRequest request, AmazonServiceCallback callback, object state) { if (!AmazonInitializer.IsInitialized) { throw new Exception("AWSPrefab is not added to the scene"); } ThreadPool.QueueUserWorkItem(new WaitCallback(delegate { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; Invoke(request, callback, state, marshaller, unmarshaller, signer); })); return; }
/// <summary> /// 获取联合身份临时访问凭证 /// </summary> /// <param name="req"><see cref="GetFederationTokenRequest"/></param> /// <returns><see cref="GetFederationTokenResponse"/></returns> public GetFederationTokenResponse GetFederationTokenSync(GetFederationTokenRequest req) { JsonResponseModel <GetFederationTokenResponse> rsp = null; try { var strResp = this.InternalRequestSync(req, "GetFederationToken"); rsp = JsonConvert.DeserializeObject <JsonResponseModel <GetFederationTokenResponse> >(strResp); } catch (JsonSerializationException e) { throw new TencentCloudSDKException(e.Message); } return(rsp.Response); }
private async Task <string> GetSigninTokenUrl() { var request = new GetFederationTokenRequest(UserName); request.DurationSeconds = SessionDurationSec; request.Policy = Policy; var response = await stsClient.GetFederationTokenAsync(request); var credential = response.Credentials; var json = JsonConvert.SerializeObject(new SessionJson(credential.AccessKeyId, credential.SecretAccessKey, credential.SessionToken)); var url = $"{federatedSigninUrl}?Action=getSigninToken&Session={Uri.EscapeDataString(json)}"; return(url); }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.</param> /// <param name="callback">An Action delegate that is invoked when the operation completes.</param> /// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> public void GetFederationTokenAsync(GetFederationTokenRequest request, AmazonServiceCallback <GetFederationTokenRequest, GetFederationTokenResponse> callback, AsyncOptions options = null) { options = options == null?new AsyncOptions():options; var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; Action <AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null; if (callback != null) { callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => { AmazonServiceResult <GetFederationTokenRequest, GetFederationTokenResponse> responseObject = new AmazonServiceResult <GetFederationTokenRequest, GetFederationTokenResponse>((GetFederationTokenRequest)req, (GetFederationTokenResponse)res, ex, ao.State); callback(responseObject); } } ; BeginInvoke <GetFederationTokenRequest>(request, marshaller, unmarshaller, options, callbackHelper); }
public void GetFederationTokenAsync(GetFederationTokenRequest request, AmazonServiceCallback <GetFederationTokenRequest, GetFederationTokenResponse> callback, AsyncOptions options = null) { //IL_0013: Unknown result type (might be due to invalid IL or missing references) options = ((options == null) ? ((object)new AsyncOptions()) : ((object)options)); GetFederationTokenRequestMarshaller getFederationTokenRequestMarshaller = new GetFederationTokenRequestMarshaller(); GetFederationTokenResponseUnmarshaller instance = GetFederationTokenResponseUnmarshaller.Instance; Action <AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> action = null; if (callback != null) { action = delegate(AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) { AmazonServiceResult <GetFederationTokenRequest, GetFederationTokenResponse> val = new AmazonServiceResult <GetFederationTokenRequest, GetFederationTokenResponse>((GetFederationTokenRequest)req, (GetFederationTokenResponse)res, ex, ao.get_State()); callback.Invoke(val); }; } this.BeginInvoke <GetFederationTokenRequest>(request, getFederationTokenRequestMarshaller, instance, options, action); }
public void TestGetFederationTokenAsync() { var gftRequest = new GetFederationTokenRequest { Policy = @"{""Statement"":[{""Effect"":""Allow"",""Action"":""*"",""Resource"":""*""}]}", Name = "BillyBob", DurationSeconds = 3600 }; GetFederationTokenResponse gftResult = null; AutoResetEvent ars = new AutoResetEvent(false); Client.GetFederationTokenAsync(gftRequest, (result) => { gftResult = result.Response; ars.Set(); }, options); ars.WaitOne(); Thread.Sleep(TimeSpan.FromSeconds(5)); Assert.IsNotNull(gftResult); Assert.IsNotNull(gftResult.Credentials.AccessKeyId); Assert.IsNotNull(gftResult.Credentials.SecretAccessKey); Assert.IsNotNull(gftResult.Credentials.SessionToken); Assert.IsNotNull(gftResult.Credentials.Expiration); var time = DateTime.Now; var approximateExpires = time.AddHours(1); var expiresAfter = approximateExpires.AddMinutes(-5); var expiresBefore = approximateExpires.AddMinutes(5); var expires = gftResult.Credentials.Expiration; Utils.AssertTrue(expires > expiresAfter); Utils.AssertTrue(expires < expiresBefore); Assert.IsNotNull(gftResult.FederatedUser.FederatedUserId); Assert.IsNotNull(gftResult.FederatedUser.Arn); Utils.AssertTrue(gftResult.FederatedUser.FederatedUserId.EndsWith(gftRequest.Name, StringComparison.OrdinalIgnoreCase)); Utils.AssertTrue(gftResult.FederatedUser.Arn.EndsWith(gftRequest.Name, StringComparison.OrdinalIgnoreCase)); }
public void TestGetFederationTokenAsync() { var gftRequest = new GetFederationTokenRequest { Policy = @"{""Statement"":[{""Effect"":""Allow"",""Action"":""*"",""Resource"":""*""}]}", Name = "BillyBob", DurationSeconds = 3600 }; GetFederationTokenResponse asyncResponse = null; var task = Client.GetFederationTokenAsync(gftRequest); asyncResponse = task.Result; UtilityMethods.Sleep(TimeSpan.FromSeconds(5)); Assert.IsNotNull(asyncResponse); var gftResult = asyncResponse; Assert.IsNotNull(gftResult); Assert.IsNotNull(gftResult.Credentials.AccessKeyId); Assert.IsNotNull(gftResult.Credentials.SecretAccessKey); Assert.IsNotNull(gftResult.Credentials.SessionToken); Assert.IsNotNull(gftResult.Credentials.Expiration); var time = DateTime.Now; var approximateExpires = time.AddHours(1); var expiresAfter = approximateExpires.AddMinutes(-5); var expiresBefore = approximateExpires.AddMinutes(5); var expires = gftResult.Credentials.Expiration; Assert.IsTrue(expires > expiresAfter); Assert.IsTrue(expires < expiresBefore); Assert.IsNotNull(gftResult.FederatedUser.FederatedUserId); Assert.IsNotNull(gftResult.FederatedUser.Arn); Assert.IsTrue(gftResult.FederatedUser.FederatedUserId.EndsWith(gftRequest.Name, StringComparison.OrdinalIgnoreCase)); Assert.IsTrue(gftResult.FederatedUser.Arn.EndsWith(gftRequest.Name, StringComparison.OrdinalIgnoreCase)); }
private static async Task <SessionAWSCredentials> GetTemporaryFederatedCredentialsAsync() { AmazonSecurityTokenServiceConfig config = new AmazonSecurityTokenServiceConfig(); AmazonSecurityTokenServiceClient stsClient = new AmazonSecurityTokenServiceClient( config); GetFederationTokenRequest federationTokenRequest = new GetFederationTokenRequest(); federationTokenRequest.DurationSeconds = 7200; federationTokenRequest.Name = "User1"; federationTokenRequest.Policy = @"{ ""Statement"": [ { ""Sid"":""Stmt1311212314284"", ""Action"":[""s3:ListBucket""], ""Effect"":""Allow"", ""Resource"":""arn:aws:s3:::" + bucketName + @""" } ] } "; GetFederationTokenResponse federationTokenResponse = await stsClient.GetFederationTokenAsync(federationTokenRequest); Credentials credentials = federationTokenResponse.Credentials; SessionAWSCredentials sessionCredentials = new SessionAWSCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); return(sessionCredentials); }
public static string genCredential(Dictionary <string, object> values) { Credential cred = new Credential { SecretId = (string)values["secretId"], SecretKey = (string)values["secretKey"] }; ClientProfile clientProfile = new ClientProfile(); HttpProfile httpProfile = new HttpProfile(); httpProfile.Endpoint = ("sts.tencentcloudapi.com"); clientProfile.HttpProfile = httpProfile; string region = (string)values["region"]; string bucket = (string)values["bucket"]; string allowPrefix = (string)values["allowPrefix"]; string[] allowActions = (string[])values["allowActions"]; string policy = getPolicy(region, bucket, allowPrefix, allowActions); Dictionary <string, object> body = new Dictionary <string, object>(); body.Add("DurationSeconds", (Int32)values["durationSeconds"]); body.Add("Name", "cos-sts-sdk-dotnet"); body.Add("Policy", policy); StsClient client = new StsClient(cred, region, clientProfile); GetFederationTokenRequest req = new GetFederationTokenRequest(); string strParams = JsonConvert.SerializeObject(body); req = GetFederationTokenRequest.FromJsonString <GetFederationTokenRequest>(strParams); GetFederationTokenResponse resp = client.GetFederationToken(req). ConfigureAwait(false).GetAwaiter().GetResult(); return(JsonConvert.SerializeObject(resp)); }
/// <summary> /// 获取联合身份临时访问凭证 /// </summary> /// <returns></returns> public GetFederationTokenResponse GetFederationToken() { Credential cred = new Credential { SecretId = _cosConfig.SecretId, SecretKey = _cosConfig.SecretKey }; ClientProfile clientProfile = new ClientProfile(); HttpProfile httpProfile = new HttpProfile(); httpProfile.Endpoint = _cosConfig.EndPoint; clientProfile.HttpProfile = httpProfile; StsClient client = new StsClient(cred, _cosConfig.Region, clientProfile); GetFederationTokenRequest req = new GetFederationTokenRequest(); req.Name = _cosConfig.Name; req.Policy = HttpUtility.UrlEncode(_cosConfig.Policy); req.DurationSeconds = _cosConfig.DurationSeconds; GetFederationTokenResponse resp = client.GetFederationTokenSync(req); return(resp); }
public Task <GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest request, CancellationToken cancellationToken = new CancellationToken()) { throw new System.NotImplementedException(); }
public static Dictionary <string, object> genCredential(Dictionary <string, object> values) { checkArguments(values, new string[] { "secretId", "secretKey", "region" }); Credential cred = new Credential { SecretId = (string)values["secretId"], SecretKey = (string)values["secretKey"] }; string region = (string)values["region"]; ClientProfile clientProfile = new ClientProfile(); HttpProfile httpProfile = new HttpProfile(); String endpoint = values.ContainsKey("Domain") ? (string)values["Domain"]: "sts.tencentcloudapi.com"; httpProfile.Endpoint = endpoint; clientProfile.HttpProfile = httpProfile; // get policy string policy = null; if (values.ContainsKey("policy")) { policy = (string)values["policy"]; } if (policy == null) { checkArguments(values, new string[] { "bucket", "allowActions" }); string bucket = (string)values["bucket"]; string[] allowActions = (string[])values["allowActions"]; string[] allowPrefixes; if (values.ContainsKey("allowPrefix")) { allowPrefixes = new string[] { (string)values["allowPrefix"] }; } else if (values.ContainsKey("allowPrefixes")) { allowPrefixes = (string[])values["allowPrefixes"]; } else { throw new System.ArgumentException("allowPrefix and allowPrefixes are both null."); } policy = getPolicy(region, bucket, allowPrefixes, allowActions); } // duration Int32 durationSeconds = 1800; if (values.ContainsKey("durationSeconds")) { durationSeconds = (Int32)values["durationSeconds"]; } Dictionary <string, object> body = new Dictionary <string, object>(); body.Add("DurationSeconds", durationSeconds); body.Add("Name", "cos-sts-sdk-dotnet"); body.Add("Policy", policy); StsClient client = new StsClient(cred, region, clientProfile); GetFederationTokenRequest req = new GetFederationTokenRequest(); string strParams = JsonConvert.SerializeObject(body); req = GetFederationTokenRequest.FromJsonString <GetFederationTokenRequest>(strParams); GetFederationTokenResponse resp = client.GetFederationTokenSync(req); string jsonString = JsonConvert.SerializeObject(resp); Dictionary <string, object> dic = JsonConvert.DeserializeObject <Dictionary <string, object> >(jsonString); if (dic.ContainsKey("ExpiredTime")) { dic.Add("StartTime", Int32.Parse(dic["ExpiredTime"].ToString()) - durationSeconds); } return(dic); }
/// <summary> /// <para>The GetFederationToken action returns a set of temporary credentials for a federated user with the user name and policy specified in /// the request. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. Credentials created by IAM users are /// valid for the specified duration, between 15 minutes and 36 hours; credentials created using account credentials have a maximum duration of /// one hour.</para> <para>The federated user who holds these credentials has any permissions allowed by the intersection of the specified /// policy and any resource or user policies that apply to the caller of the GetFederationToken API, and any resource policies that apply to the /// federated user's Amazon Resource Name (ARN). For more information about how token permissions work, see Controlling Permissions in Temporary /// Credentials in <i>Using IAM</i> . For information about using GetFederationToken to create temporary credentials, see Creating Temporary /// Credentials to Enable Access for Federated Users in <i>Using IAM</i> .</para> /// </summary> /// /// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on /// AmazonSecurityTokenService.</param> /// /// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns> /// /// <exception cref="PackedPolicyTooLargeException"/> /// <exception cref="MalformedPolicyDocumentException"/> public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest getFederationTokenRequest) { IAsyncResult asyncResult = invokeGetFederationToken(getFederationTokenRequest, null, null, true); return(EndGetFederationToken(asyncResult)); }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// <seealso cref="Amazon.SecurityToken.AmazonSecurityTokenService.GetFederationToken"/> /// </summary> /// /// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken operation on /// AmazonSecurityTokenService.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> /// /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking /// EndGetFederationToken operation.</returns> public IAsyncResult BeginGetFederationToken(GetFederationTokenRequest getFederationTokenRequest, AsyncCallback callback, object state) { return(invokeGetFederationToken(getFederationTokenRequest, callback, state, false)); }