        /// <summary>
        /// Authenticates <paramref name="userCredential"/> against the profile's SAML endpoint and exchanges the
        /// result for temporary role credentials through an STS client created from the separately loaded STS assembly.
        /// </summary>
        /// <param name="userCredential">Credentials presented to the SAML endpoint.</param>
        /// <param name="credentialDuration">Requested lifetime of the role credentials.</param>
        /// <returns>
        /// A <see cref="CredentialsRefreshState"/> holding the issued credentials and the expiry they report.
        /// </returns>
        /// <exception cref="InvalidOperationException">The STS assembly could not be found or loaded.</exception>
        /// <exception cref="AmazonClientException">
        /// SAML authentication or credential generation failed; the cause is wrapped, logged and rethrown.
        /// </exception>
        private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
        {
            // Region precedence: the profile's own region, then the global AWSConfigs value, then the built-in STS default.
            var profileRegion = ProfileData.Region;
            var regionName = string.IsNullOrEmpty(profileRegion) ? AWSConfigs.AWSRegion : profileRegion;
            var region = !string.IsNullOrEmpty(regionName)
                ? RegionEndpoint.GetBySystemName(regionName)
                : DefaultSTSClientRegion;

            ICoreAmazonSTS stsClient = null;

            // Config and client are created reflectively from the STS assembly, so a failure in this
            // block is reported as a missing assembly rather than as a service error.
            try
            {
                var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME,
                                                                         ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
                stsConfig.RegionEndpoint = region;
                if (_proxySettings != null)
                {
                    stsConfig.SetWebProxy(_proxySettings);
                }

                // The client is built with anonymous credentials; the SAML exchange itself supplies the authorization.
                stsClient = ServiceClientHelpers.CreateServiceFromAssembly<ICoreAmazonSTS>(ServiceClientHelpers.STS_ASSEMBLY_NAME,
                                                                                          ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
                                                                                          new AnonymousAWSCredentials(),
                                                                                          stsConfig);
            }
            catch (Exception e)
            {
                throw new InvalidOperationException(
                    string.Format(CultureInfo.CurrentCulture,
                                  "Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
                                  ServiceClientHelpers.STS_ASSEMBLY_NAME),
                    e);
            }

            try
            {
                var credentials = stsClient.CredentialsFromSAMLAuthentication(ProfileData.EndpointSettings.Endpoint.ToString(),
                                                                              ProfileData.EndpointSettings.AuthenticationType,
                                                                              ProfileData.RoleArn,
                                                                              credentialDuration,
                                                                              userCredential);

                // The session is recorded on the profile before the credentials are handed back.
                ProfileData.PersistSession(credentials);

                return new CredentialsRefreshState(credentials, credentials.Expires);
            }
            catch (Exception e)
            {
                var failure = new AmazonClientException("Credential generation from SAML authentication failed.", e);
                Logger.GetLogger(typeof(StoredProfileFederatedCredentials)).Error(failure, failure.Message);
                throw failure;
            }
        }
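        /// <summary>
        /// Authenticates <paramref name="userCredential"/> against the configured SAML endpoint and exchanges the
        /// result for temporary role credentials through an STS client created from the separately loaded STS assembly.
        /// </summary>
        /// <param name="userCredential">Credentials presented to the SAML endpoint.</param>
        /// <returns>
        /// A <see cref="CredentialsRefreshState"/> holding the issued credentials and the expiry they report.
        /// </returns>
        /// <exception cref="InvalidOperationException">The STS assembly could not be found or loaded.</exception>
        /// <exception cref="AmazonClientException">
        /// SAML authentication or credential generation failed; the cause is wrapped, logged and rethrown.
        /// </exception>
        private CredentialsRefreshState Authenticate(ICredentials userCredential)
        {
            CredentialsRefreshState state;

            // Region precedence: an explicit Options.STSRegion, then the global AWSConfigs value, then the
            // built-in STS default. The fallback chain is entered only when no STSRegion was supplied; the
            // previous version unconditionally replaced a configured STSRegion with DefaultSTSClientRegion.
            var region = Options.STSRegion;
            if (region == null)
            {
                region = !string.IsNullOrEmpty(AWSConfigs.AWSRegion)
                    ? RegionEndpoint.GetBySystemName(AWSConfigs.AWSRegion)
                    : DefaultSTSClientRegion;
            }

            ICoreAmazonSTS coreSTSClient = null;

            // Config and client are created reflectively from the STS assembly, so a failure in this
            // block is reported as a missing assembly rather than as a service error.
            try
            {
                var stsConfig = ServiceClientHelpers.CreateServiceConfig(
                    ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);

                stsConfig.RegionEndpoint = region;
                if (Options.ProxySettings != null)
                {
                    stsConfig.SetWebProxy(Options.ProxySettings);
                }

                // The client is built with anonymous credentials; the SAML exchange itself supplies the authorization.
                coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly<ICoreAmazonSTS>(
                    ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
                    new AnonymousAWSCredentials(), stsConfig);
            }
            catch (Exception e)
            {
                var msg = string.Format(CultureInfo.CurrentCulture,
                                        "Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
                                        ServiceClientHelpers.STS_ASSEMBLY_NAME);
                throw new InvalidOperationException(msg, e);
            }

            try
            {
                var credentials = coreSTSClient.CredentialsFromSAMLAuthentication(SAMLEndpoint.EndpointUri.ToString(),
                                                                                  SAMLEndpoint.AuthenticationType.ToString(), RoleArn, MaximumCredentialTimespan, userCredential);

                // RegisterRoleSession is invoked with the issued credentials before the refresh state is built.
                RegisterRoleSession(credentials);

                state = new CredentialsRefreshState(credentials, credentials.Expires);
            }
            catch (Exception e)
            {
                var wrappedException = new AmazonClientException("Credential generation from SAML authentication failed.", e);

                var logger = Logger.GetLogger(typeof(FederatedAWSCredentials));
                logger.Error(wrappedException, wrappedException.Message);

                throw wrappedException;
            }

            return state;
        }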
        /// <summary>
        /// Obtains a SAML assertion for <paramref name="userCredential"/> from the profile's endpoint and uses it to
        /// request temporary role credentials from STS.
        /// </summary>
        /// <param name="userCredential">Credentials presented to the SAML endpoint.</param>
        /// <param name="credentialDuration">Requested lifetime of the role credentials.</param>
        /// <returns>
        /// A <see cref="CredentialsRefreshState"/> holding the issued credentials and an expiry computed locally
        /// as now plus <paramref name="credentialDuration"/>.
        /// </returns>
        /// <exception cref="AuthenticationFailedException">The SAML assertion could not be obtained.</exception>
        /// <exception cref="AmazonClientException">
        /// Credential generation failed after authentication succeeded; the cause is wrapped, logged and rethrown.
        /// </exception>
        private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
        {
            // Only the global AWSConfigs region is consulted here; fall back to the built-in STS default when unset.
            var regionName = AWSConfigs.AWSRegion;
            var region = !string.IsNullOrEmpty(regionName)
                ? RegionEndpoint.GetBySystemName(regionName)
                : DefaultSTSClientRegion;

            SAMLAssertion assertion;
            try
            {
                var controller = new SAMLAuthenticationController();
                assertion = controller.GetSAMLAssertion(ProfileData.EndpointSettings.Endpoint.ToString(),
                                                        userCredential,
                                                        ProfileData.EndpointSettings.AuthenticationType);
            }
            catch (Exception e)
            {
                throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", e);
            }

            try
            {
                // The STS client is anonymous; the assertion itself supplies the authorization for the role request.
                using (var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), region))
                {
                    var credentials = assertion.GetRoleCredentials(stsClient, ProfileData.RoleArn, credentialDuration);

                    // NOTE(review): expiry is derived from the local clock and the requested duration rather than
                    // from the STS response, so it can drift from the real lifetime if the two disagree — confirm.
                    return new CredentialsRefreshState(credentials, DateTime.UtcNow + credentialDuration);
                }
            }
            catch (Exception e)
            {
                var failure = new AmazonClientException("Credential generation failed following successful authentication.", e);
                Logger.GetLogger(typeof(StoredProfileSAMLCredentials)).Error(failure, failure.Message);
                throw failure;
            }
        }