发送带有S3存储桶访问密钥的MFA令牌,使用c#上传文件
[英]Send MFA token with access key for S3 bucket, file upload using c#
问题描述
I am trying to add MFA (Multi Factor Authentication) in my application, where i am going to store object in aws S3 bucket. 
我正在尝试在我的应用程序中添加MFA(多重身份验证),我将在aws S3存储桶中存储对象。 I went through AWS documentation but could not find anything where we can pass MFA tokedn while sending any request to AWS programmatically in C#. 我查看了AWS文档,但在C#中以编程方式向AWS发送任何请求时,找不到任何可以传递MFA tokedn的内容。
Here is my working code snippet without MFA, 这是我没有MFA的工作代码段,
var awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
_client = new AmazonS3Client(awsCredentials, Amazon.RegionEndpoint.USEast1);
var putRequest = new PutObjectRequest
{
BucketName = ConfigurationManager.AppSettings["S3BucketName"],
Key = fileName,
FilePath = localFilePath,
ContentType = "image/" + Path.GetExtension(fileName),
CannedACL = S3CannedACL.PublicRead
};
var req = JsonConvert.SerializeObject(putRequest);
I am expecting to add MFA authentication token to this above code. 我希望在上面的代码中添加MFA身份验证令牌。
1 个解决方案
解决方案1
0 2019-03-26 13:24:08
The TOTP from an MFA token isn't passed directly with the request. 来自MFA令牌的TOTP不直接与请求一起传递。
Instead, you first make a call to Security Token Service (STS) where you essentially "exchange" your current credentials and MFA info for a set of temporary credentials that are used to authenticate subsequent requests. 相反,您首先调用安全令牌服务(STS),其中您实际上“交换”当前凭据和MFA信息,以获取用于验证后续请求的一组临时凭证。
The user calls one of the AWS STS API operations that support the MFA parameters,
AssumeRoleorGetSessionToken, depending on the scenario for MFA protection, as explained later.AssumeRole或GetSessionToken,这取决于MFA保护的情况下,后面会解释。 As part of the call, the user includes the device identifier for the device that's associated with the user.https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.