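/// <summary>
/// <para>
/// Constructs an instance of StoredProfileFederatedCredentials. After construction call one of the Authenticate
/// methods to authenticate the user/process and obtain temporary AWS credentials.
/// </para>
/// <para>
/// For users who are domain joined (the role profile does not contain user identity information) the temporary
/// credentials will be refreshed automatically as needed. Non domain-joined users (those with user identity
/// data in the profile) are required to re-authenticate when credential refresh is required. An exception is
/// thrown when an attempt is made to refresh credentials in this scenario. The consuming code of this class
/// should catch the exception and prompt the user for credentials, then call Authenticate to re-initialize
/// with a new set of temporary AWS credentials.
/// </para>
/// </summary>
/// <param name="profileName">
/// The name of the profile holding the necessary role data to enable authentication and credential generation.
/// When null or empty, StoredProfileCredentials.DEFAULT_PROFILE_NAME is looked up instead.
/// </param>
/// <param name="profilesLocation">
/// Reserved for future use. Leave null or empty: a non-empty value skips the SDK credential store lookup,
/// so no profile data is loaded here and the constructor is expected to throw.
/// </param>
/// <param name="proxySettings">
/// Null or proxy settings to be used during the HTTPS authentication calls when generating credentials.
/// </param>
/// <exception cref="ArgumentException">
/// Thrown when no SAML role profile data was loaded for the requested profile.
/// </exception>
/// <remarks>The ini-format credentials file is not currently supported for SAML role profiles.</remarks>
public StoredProfileFederatedCredentials(string profileName, string profilesLocation, WebProxy proxySettings)
{
    this._proxySettings = proxySettings;
    this.PreemptExpiryTime = _preemptExpiryTime;

    // Fall back to the default profile name when the caller did not name one.
    var lookupName = string.IsNullOrEmpty(profileName)
        ? StoredProfileCredentials.DEFAULT_PROFILE_NAME
        : profileName;

    ProfileName = lookupName;
    ProfilesLocation = null;

    // If not overriding the credentials lookup location check the SDK Store for credentials. If
    // an override location is specified, assume we should only use the shared credential file.
    if (string.IsNullOrEmpty(profilesLocation))
    {
        if (ProfileManager.IsProfileKnown(lookupName) && SAMLRoleProfile.CanCreateFrom(lookupName))
        {
            var profileData = ProfileManager.GetProfile<SAMLRoleProfile>(lookupName);
            ProfileData = profileData;

            // Only the profile name is logged; nothing read from the profile itself is written out.
            var logger = Logger.GetLogger(typeof(StoredProfileFederatedCredentials));
            logger.InfoFormat("SAML role profile found using account name {0} and looking in SDK account store.", lookupName);
        }
    }

    // we currently do not support the shared ini-format credential file for SAML role profile data
    // so end the search now if not found
    if (ProfileData == null)
    {
        // Report the name that was actually searched for: when profileName is null or empty the
        // default profile name was used, and echoing the raw argument would print an empty name.
        var msg = string.Format(CultureInfo.InvariantCulture,
                                "Profile '{0}' was not found or could not be loaded from the SDK credential store. Verify that the profile name and data are correct.",
                                lookupName);
        throw new ArgumentException(msg);
    }
}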
/// <summary>
/// Reports whether a credentials instance could be built from the persisted data of the named profile.
/// </summary>
/// <param name="profileName">The name of the profile to test.</param>
/// <param name="profilesLocation">
/// The location of the shared ini-format credential file. Any non-empty value makes this method return false.
/// </param>
/// <returns>
/// True when no profiles location is supplied, the profile is known to the SDK credential store and
/// SAMLRoleProfile.CanCreateFrom accepts it; otherwise false.
/// </returns>
/// <remarks>
/// This profile type is currently only supported in the SDK credential store file.
/// The shared ini-format file is not currently supported, so it is never consulted.
/// </remarks>
public static bool CanCreateFrom(string profileName, string profilesLocation)
{
    // A shared-file location was requested; SAML role profiles cannot come from there.
    if (!string.IsNullOrEmpty(profilesLocation))
    {
        return false;
    }

    // The profile must be present in the SDK store before its role data is examined.
    return ProfileManager.IsProfileKnown(profileName)
        && SAMLRoleProfile.CanCreateFrom(profileName);
}