Reputation: 9610
OperationCanceledException when trying to authenticate user in AWS Cognito
I am playing around with AWS Cognito and I am trying to authenticate a user from my API backend.
But I am getting an "The operation was canceled." exception, and I don't know why!
Here is my code:
var authReq = new AdminInitiateAuthRequest()
{
UserPoolId = this.UserpoolId,
ClientId = this.ClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", username);
authReq.AuthParameters.Add("PASSWORD", password);
try
{
AdminInitiateAuthResponse authResp = await
this.SecClient.AdminInitiateAuthAsync(authReq);
}
catch(Exception e)
{
//The operation was canceled exception
}
My Stack trace
at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts)\r\n at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task
1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)\r\n at System.Net.Http.HttpClient.GetStringAsyncCore(Task1 getTask)\r\n at Amazon.Runtime.Internal.Util.AsyncHelpers.<>c__DisplayClass1_11.<<RunSync>b__0>d.MoveNext()\r\n --- End of stack trace from previous location where exception was thrown ---\r\n at Amazon.Runtime.Internal.Util.AsyncHelpers.ExclusiveSynchronizationContext.BeginMessageLoop() in D:\\JenkinsWorkspaces\\trebuchet-stage-release\\AWSDotNetPublic\\sdk\\src\\Core\\Amazon.Runtime\\Internal\\Util\\_mobile\\AsyncHelpers.cs:line 142\r\n at Amazon.Runtime.Internal.Util.AsyncHelpers.RunSync[T](Func1 task) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Internal\Util\_mobile\AsyncHelpers.cs:line 87\r\n at Amazon.Util.AWSSDKUtils.DownloadStringContent(Uri uri, TimeSpan timeout, IWebProxy proxy) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Util\AWSSDKUtils.cs:line 1008\r\n at Amazon.Util.EC2InstanceMetadata.GetItems(String relativeOrAbsolutePath, Int32 tries, Boolean slurp) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Util\_bcl+netstandard\EC2InstanceMetadata.cs:line 513\r\n at Amazon.Util.EC2InstanceMetadata.get_IAMSecurityCredentials() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Util\_bcl+netstandard\EC2InstanceMetadata.cs:line 311\r\n at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Credentials\_bcl+netstandard\DefaultInstanceProfileAWSCredentials.cs:line 142\r\n at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Credentials\_bcl+netstandard\DefaultInstanceProfileAWSCredentials.cs:line 88\r\n at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync() in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Credentials\_bcl+netstandard\DefaultInstanceProfileAWSCredentials.cs:line 106\r\n at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Pipeline\Handlers\CredentialsRetriever.cs:line 90\r\n at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)\r\n at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext) in D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Pipeline\RetryHandler\RetryHandler.cs:line 137\r\n at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)\r\n at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)\r\n at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)\r\n at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)\r\n at KaiserSmith.MS.Security.AWSCognitoAdapter.UserLogin(String username, String password) in C:\Users\Jason\Dropbox\Development\KaiserSmith.MS\BundleShared\Security\AWSCognitoAdapter.cs:line 83" string
Upvotes: 1
Views: 1451
Answers (3)
Reputation: 1620
In my case the .NET Cognito Client was throwing either a OperationCancelledException or a SocketException (Host is down).
Because you did not provide any AWS Credentials to the constructor of the AmazonCognitoIdentityProviderClient it tried to send a HTTP request to http://169.254.169.254 to get the EC2 Instance Metadata (ultimately trying to get the EC2 Instance Profile or similar IAM Role that it should assume).
The solution is to provide invalid AWS credentials to the constructor. new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.BasicAWSCredentials(@"Invalid", @"Credentials"))
Socket Exception: Host is down was observed when 169.254.169.254 was routed out my ethernet interface and no ARP response could be obtained.
Upvotes: 0
Reputation: 9610
I have managed to resolve this myself. I first started looking into network error, as point out by Vladimir in his answer. I had already ruled out firewall problems on my local machine, so I tried from different machine several hours later and had the same issues.
I tried googling for similar issues, all with not luck. But after much investigation I eventually found the cause, although the exception seems to be misleading. During my google search I came across other examples which were initiating the client in a different manner, so I tried this and bingo!
So I changed this:
this.SecClient = new AmazonCognitoIdentityProviderClient(Amazon.RegionEndpoint.EUCentral1);
To become this
this.SecClient = new AmazonCognitoIdentityProviderClient(myAwsAccesskey, myAwsSecret, Amazon.RegionEndpoint.EUCentral1);
And this seems to have resolved the problem!
Upvotes: 2
Reputation: 15178
Let's traverse through stack trace & related source code:
System.Net.Http.HttpClient.HandleFinishSendAsyncError
System.Net.Http.HttpClient.FinishSendAsyncUnbuffered
..
System.Net.Http.HttpClient.GetStringAsyncCore(Task)
..
SendAsync
..
AWSSDKUtils.cs:line 1008
Amazon.Util.EC2InstanceMetadata.GetItems
..
The OperationCanceledException thrown when cts (CancellationTokenSource) is cancelled. cts is cancelled when HttpClient.Timeout expired or cancelled pending request.
HttpClient that initiated request assigns the custom value to HttpClient.Timeout. Timeout is set to 5 seconds in Amazon.Util.EC2InstanceMetadata.GetItems.
Conclusion: this request doesn't have time to execute for 5 second. Probably it is temporarily problem with AWS Cognito or some network latency issue.
Recommendations:
if this fault is transient and may self-correct after a short delay then make sense to apply Polly.RetryPolicy
try to research network latency.
Upvotes: 0
Related Questions
- AWS Cognito built-in sign in redirection issue
- Microsoft.AspNetCore.Authorization.DefaultAuthorizationService Authorization failing
- AmazonCognitoIdentityProviderException: User is not authorized to perform cognito-idp:DescribeUserPool on resource
- AWS Credential provided by Identity Pool is invalid
- How to signup a user with AWS Cognito and a console .NET Core 2.0?
- AWS Cognito NotAuthorizedException A client attempted to write unauthorized attribute
- CognitoIdentityProviderClient AdminInitiateAuth Unable to verify secret hash for client
- Sign In User / Authenticate User with AWS Cognito
- Getting an error while authenticating a user using AWS Cognito
- AWS Cognito: Access to Identity is forbidden when calling getOpenIdToken()