Send MFA token with access key for S3 bucket, file upload using C#
I am trying to add MFA (Multi Factor Authentication) in my application, where I am going to store objects in an AWS S3 bucket. I went through the AWS documentation but could not find anything where we can pass an MFA token while sending any request to AWS programmatically in C#.
Here is my working code snippet without MFA:
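    using System.Configuration;
    using System.IO;
    using Amazon.Runtime;
    using Amazon.S3;
    using Amazon.S3.Model;
    using Newtonsoft.Json;

    // Long-term access keys; no MFA is involved at this point.
    var awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
    _client = new AmazonS3Client(awsCredentials, Amazon.RegionEndpoint.USEast1);
    var putRequest = new PutObjectRequest
    {
        BucketName = ConfigurationManager.AppSettings["S3BucketName"],
        Key = fileName,
        FilePath = localFilePath,
        // Path.GetExtension returns the leading dot (".png"), so strip it.
        ContentType = "image/" + Path.GetExtension(fileName).TrimStart('.'),
        CannedACL = S3CannedACL.PublicRead // uploaded object is world-readable
    };
    var req = JsonConvert.SerializeObject(putRequest);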
I am expecting to add an MFA authentication token to the above code.
The TOTP from an MFA token isn't passed directly with the request.
Instead, you first make a call to Security Token Service (STS) where you essentially "exchange" your current credentials and MFA info for a set of temporary credentials that are used to authenticate subsequent requests.
The user calls one of the AWS STS API operations that support the MFA parameters, AssumeRole or GetSessionToken, depending on the scenario for MFA protection, as explained later. As part of the call, the user includes the device identifier for the device that's associated with the user. The user also includes the time-based one-time password (TOTP) that the device generates. In either case, the user gets back temporary security credentials that the user can then use to make additional requests to AWS.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html
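
The exchange described above, as an added example that is not part of the original answer. It assumes the AWSSDK.SecurityToken and AWSSDK.S3 packages; the class name, method name and parameters are hypothetical.

```csharp
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Hypothetical helper: names and parameters are assumptions for illustration.
public static class MfaS3Uploader
{
    // mfaSerial: ARN of the user's virtual MFA device, or the serial number of a hardware device.
    // totpCode:  the current one-time code read from that device.
    public static async Task UploadWithMfaAsync(
        string accessKey, string secretKey,
        string mfaSerial, string totpCode,
        string bucketName, string key, string localFilePath)
    {
        var longTerm = new BasicAWSCredentials(accessKey, secretKey);

        // Step 1: exchange the long-term keys plus the MFA code for temporary credentials.
        GetSessionTokenResponse session;
        using (var sts = new AmazonSecurityTokenServiceClient(longTerm, RegionEndpoint.USEast1))
        {
            session = await sts.GetSessionTokenAsync(new GetSessionTokenRequest
            {
                SerialNumber = mfaSerial,
                TokenCode = totpCode,
                DurationSeconds = 900 // shortest lifetime STS accepts
            });
        }

        // Step 2: sign the S3 request with the temporary credentials, not the long-term keys.
        var temporary = new SessionAWSCredentials(
            session.Credentials.AccessKeyId,
            session.Credentials.SecretAccessKey,
            session.Credentials.SessionToken);

        using (var s3 = new AmazonS3Client(temporary, RegionEndpoint.USEast1))
        {
            await s3.PutObjectAsync(new PutObjectRequest
            {
                BucketName = bucketName,
                Key = key,
                FilePath = localFilePath
            });
        }
    }
}
```

Temporary credentials obtained this way only add protection when the IAM or bucket policy denies requests that lack aws:MultiFactorAuthPresent, which is what the linked page covers.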