Reputation: 1417
Is there a .NET library that can sign a request with AWS V4 Signature?
I have an API Gateway where I'm setting the authentication to use AWS_IAM. This requires that I sign each request with the AWS V4 signature and attach the HMAC in the header. I've found libraries to sign a request with the V4 signature in nodejs. But I cannot find a library to sign for me. Even the aws-sdk for .NET has this abstracted for their own specific use case. Is there a library out there (i've done a quick google search and found no results)? Or do I need to write out the hmac myself?
Upvotes: 18
Views: 20044
Answers (4)
Reputation: 39
When using SSO authentication, you also have a session token that you need to include in the http request.
After signing the request, add the session token inside the http header x-amz-security-token.
Here is an example of implementing this inside a search request:
var baseUrl = "es_url";
var indexName = "index_name";
var requestUri = new Uri($"{baseUrl}/{indexName}/_search");
var req = new HttpRequestMessage
{
RequestUri = requestUri,
Method = System.Net.Http.HttpMethod.Post,
Content = new StringContent(query, Encoding.UTF8, "application/json")
};
var accessKeyId = "ACCESS_KEY";
var secretKey = "SECRET_KEY"
var sessionToken = "SESSION_TOKEN";
var signer = new AWS4RequestSigner(accessKeyId, secretKey);
req = await signer.Sign(req, "es", "us-west-2");
req.Headers.Add("x-amz-security-token", sessionToken);
var client = new HttpClient();
var response = await client.SendAsync(req);
Upvotes: 2
Reputation: 1193
An alternative to Aws4RequestSigner is AwsSignatureVersion4. I think its API is easier to work with, but I am biased since I am the author of the latter.
Upvotes: 8
Reputation: 121
While this is an old question, since AWS has not "prioritized accordingly" with regards to the .NET AWS SDK as stated in their comment above and this is still a relevant problem today, I found a good library that will take care of the AWS V4 request signing for you.
Here is the GitHub source and implementation documentation.
In addition, I've found that for my API Gateway AWS_IAM Authorization to work with temporary security credentials, you also need to include the "x-amz-security-token" header with the current session token as it's value as well in your request.
Upvotes: 12
Reputation: 10566
you can read on how the signature is done and you can (if you want). I would recommend pulling in the AWS SDK for .NET and using the functionality from the SDK to actually perform the signature.
Here is the signer form the SDK:
You may need to adapt it (ie it knows about AWS services and endpoints by default)
Upvotes: 8
Related Questions
- How to load npm modules in AWS Lambda?
- What is the difference between .NET Core and .NET Standard Class Library project types?
- Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
- Getting json body in aws Lambda via API gateway
- Why not inherit from List<T>?
- API Gateway sign request with AWS SDK for .NET
- How do I call an AWS_IAM authorized API Gateway endpoint from AWS Lambda who's execution role has permission to do so?
- sign request to AWS API gateway with Signature v4 from using AWS Cognito token
- Sign API Gateway Request With AWS SDK