protected virtual IOss GetSecurityTokenClient(AliyunBlobProviderConfiguration configuration) { Check.NotNullOrWhiteSpace(configuration.RoleArn, nameof(configuration.RoleArn)); Check.NotNullOrWhiteSpace(configuration.RoleSessionName, nameof(configuration.RoleSessionName)); var cacheItem = Cache.Get(configuration.TemporaryCredentialsCacheKey); if (cacheItem == null) { IClientProfile profile = DefaultProfile.GetProfile( configuration.RegionId, configuration.AccessKeyId, configuration.AccessKeySecret); DefaultAcsClient client = new DefaultAcsClient(profile); AssumeRoleRequest request = new AssumeRoleRequest { AcceptFormat = FormatType.JSON, //eg:acs:ram::$accountID:role/$roleName RoleArn = configuration.RoleArn, RoleSessionName = configuration.RoleSessionName, //Set the validity period of the temporary access credential, the unit is s, the minimum is 900, and the maximum is 3600. default 3600 DurationSeconds = configuration.DurationSeconds, //Set additional permission policy of Token; when acquiring Token, further reduce the permission of Token by setting an additional permission policy Policy = configuration.Policy.IsNullOrEmpty() ? null : configuration.Policy, }; var response = client.GetAcsResponse(request); cacheItem = SetTemporaryCredentialsCache(configuration, response.Credentials); } return(new OssClient( configuration.Endpoint, StringEncryptionService.Decrypt(cacheItem.AccessKeyId), StringEncryptionService.Decrypt(cacheItem.AccessKeySecret), StringEncryptionService.Decrypt(cacheItem.SecurityToken))); }
public virtual IOss Create(AliyunBlobProviderConfiguration configuration) { Check.NotNullOrWhiteSpace(configuration.AccessKeyId, nameof(configuration.AccessKeyId)); Check.NotNullOrWhiteSpace(configuration.AccessKeySecret, nameof(configuration.AccessKeySecret)); Check.NotNullOrWhiteSpace(configuration.Endpoint, nameof(configuration.Endpoint)); if (configuration.UseSecurityTokenService) { //STS temporary authorization to access OSS return(GetSecurityTokenClient(configuration)); } //Sub-account return(new OssClient(configuration.Endpoint, configuration.AccessKeyId, configuration.AccessKeySecret)); }
private AliyunTemporaryCredentialsCacheItem SetTemporaryCredentialsCache( AliyunBlobProviderConfiguration configuration, AssumeRole_Credentials credentials) { var temporaryCredentialsCache = new AliyunTemporaryCredentialsCacheItem( StringEncryptionService.Encrypt(credentials.AccessKeyId), StringEncryptionService.Encrypt(credentials.AccessKeySecret), StringEncryptionService.Encrypt(credentials.SecurityToken)); Cache.Set(configuration.TemporaryCredentialsCacheKey, temporaryCredentialsCache, new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(configuration.DurationSeconds - 10) }); return(temporaryCredentialsCache); }
public override void ConfigureServices(ServiceConfigurationContext context) { context.Services.ReplaceConfiguration(ConfigurationHelper.BuildConfiguration(builderAction: builder => { builder.AddUserSecrets(UserSecretsId); })); var configuration = context.Services.GetConfiguration(); var accessKeyId = configuration["Aliyun:AccessKeyId"]; var accessKeySecret = configuration["Aliyun:AccessKeySecret"]; var endpoint = configuration["Aliyun:Endpoint"]; var regionId = configuration["Aliyun:RegionId"]; var roleArn = configuration["Aliyun:RoleArn"]; Configure <AbpBlobStoringOptions>(options => { options.Containers.ConfigureAll((containerName, containerConfiguration) => { containerConfiguration.UseAliyun(aliyun => { aliyun.AccessKeyId = accessKeyId; aliyun.AccessKeySecret = accessKeySecret; aliyun.Endpoint = endpoint; //STS aliyun.UseSecurityTokenService = true; aliyun.RegionId = regionId; aliyun.RoleArn = roleArn; aliyun.RoleSessionName = Guid.NewGuid().ToString("N"); aliyun.DurationSeconds = 900; aliyun.Policy = String.Empty; //Other aliyun.CreateContainerIfNotExists = true; aliyun.ContainerName = _randomContainerName; aliyun.TemporaryCredentialsCacheKey = "297A96094D7048DBB2C28C3FDB20839A"; _configuration = aliyun; }); }); }); }
protected virtual IOss GetOssClient(AliyunBlobProviderConfiguration aliyunConfig) { return(OssClientFactory.Create(aliyunConfig)); }