.NET SDK Cognito Identity InitiateAuth yields AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service

0

I am attempting to authorize users that I have added to a Cognito User Pool through a client application (like a website) using the .NET SDK.

.NET SDK version: 45-3.7.494.1

As far as I know I have set up everything correctly on the AWS side - user pool, federated identity pool tied to user pool, IAM auth & unauth roles tied to identity pool.

I added the user email to the user pool and now need them to log in. However, on attempting to begin the process with the code below:

Auth Request Code Example

I get:

Error List

From what I can tell I am using the appropriate logic based on https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html and other associated documentation. I have also combed the internet (re:Post, git, stack) for some kind of hint with no luck. I had tried CognitoSync but this method proved more useful initially.

Any ideas or potential insight would be greatly appreciated!

1 Answer
0

I managed to find my way around this and am posting this response for anyone who has the same problems:

There are a few things wrong with the code listed:

  1. First, credentials need to be passed through when constructing the AmazonCognitoIdentityProviderClient (idClient). Otherwise the request instance hangs and the following error occurs: AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service
  2. The SRP_A value is a special value and needs code to compute it (see Secure Remote Password on wiki). The C# code I found that works for this is here: https://github.com/aws/aws-sdk-net-extensions-cognito/tree/master/src/Amazon.Extensions.CognitoAuthentication/Util. You will need all the scripts in the util folder.
  3. The call for InitiateAuth must be tied to something - in this case: Amazon.CognitoIdentityProvider.Model.InitiateAuthResponse

The correct code (as far as I can tell at this moment) is: Corrected Code

This returns the PASSWORD_VERIFIER challenge as part of "response".

There may be issues with this I have yet to run into as I am still in the process of integrating - so please be careful.

answered a year ago
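
Added example (not part of the original answer, and not the poster's corrected code): one way to cover the three points above using the Amazon.Extensions.CognitoAuthentication package the answer links to, which computes SRP_A itself. The pool id, client id, region and the `CognitoSrpLogin`/`SignInAsync` names are placeholders, and it assumes an app client without a client secret that allows the USER_SRP_AUTH flow.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;
using Amazon.Runtime;

public static class CognitoSrpLogin
{
    // Placeholders (assumptions): substitute your own pool id, app client id and region.
    private const string PoolId = "us-east-1_EXAMPLE";
    private const string ClientId = "example-app-client-id";
    private static readonly RegionEndpoint Region = RegionEndpoint.USEast1;

    public static async Task<string> SignInAsync(string username, string password)
    {
        // InitiateAuth is an unsigned API, so no IAM keys are needed in the client app.
        // Passing AnonymousAWSCredentials explicitly keeps the SDK from walking the
        // default credential chain down to the EC2 Instance Metadata Service, which is
        // where the "Unable to get IAM security credentials" error comes from.
        using (var provider = new AmazonCognitoIdentityProviderClient(
                   new AnonymousAWSCredentials(), Region))
        {
            var pool = new CognitoUserPool(PoolId, ClientId, provider);
            var user = new CognitoUser(username, ClientId, pool, provider);

            // Computes SRP_A, calls InitiateAuth with USER_SRP_AUTH and then answers
            // the PASSWORD_VERIFIER challenge; the password itself is never sent.
            AuthFlowResponse response = await user.StartWithSrpAuthAsync(
                new InitiateSrpAuthRequest { Password = password }).ConfigureAwait(false);

            // Tokens are present only when no further challenge is pending.
            if (response.AuthenticationResult != null)
            {
                return response.AuthenticationResult.IdToken;
            }

            // For example NEW_PASSWORD_REQUIRED or SMS_MFA: the caller must respond
            // to the challenge before any tokens are issued.
            throw new InvalidOperationException(
                "Additional challenge required: " + response.ChallengeName);
        }
    }
}
```

Take the password from user input at call time rather than from source or configuration files.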
