Send MFA token with access key for S3 bucket, file upload using c#

Question

I am trying to add MFA (Multi Factor Authentication) in my application, where i am going to store object in aws S3 bucket. I went through AWS documentation but could not find anything where we can pass MFA tokedn while sending any request to AWS programmatically in C#.

Here is my working code snippet without MFA,

var awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
_client = new AmazonS3Client(awsCredentials, Amazon.RegionEndpoint.USEast1);

var putRequest = new PutObjectRequest
{

BucketName = ConfigurationManager.AppSettings["S3BucketName"],
Key = fileName,
FilePath = localFilePath,
ContentType = "image/" + Path.GetExtension(fileName),
CannedACL = S3CannedACL.PublicRead
};
var req = JsonConvert.SerializeObject(putRequest);

I am expecting to add MFA authentication token to this above code.

Answer 1

The TOTP from an MFA token isn't passed directly with the request.

Instead, you first make a call to Security Token Service (STS) where you essentially "exchange" your current credentials and MFA info for a set of temporary credentials that are used to authenticate subsequent requests.

The user calls one of the AWS STS API operations that support the MFA parameters, AssumeRole or GetSessionToken , depending on the scenario for MFA protection, as explained later. As part of the call, the user includes the device identifier for the device that's associated with the user. The user also includes the time-based one-time password (TOTP) that the device generates. In either case, the user gets back temporary security credentials that the user can then use to make additional requests to AWS.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html