search

aws / aws-sdk-net

The official AWS SDK for .NET. For more information on the AWS SDK for .NET, see our web site:
http://aws.amazon.com/sdkfornet/
Apache License 2.0
2.06k stars 855 forks source link

Cannot use .NET Core AWSSDK with WASM #1895

Open genifycom opened 3 years ago

genifycom commented 3 years ago

AWS SDK uses HmacSHA256 or HmacSHA1 for signing requests depending on the configuration which are not available in WASM

Microsoft plans to introduce HMACSHA* algorithms in .NET 7.

Describe the Feature

Use an alternative signing method for WASM

Is your Feature Request related to a problem?

It would be extremely useful to have AWSSDK .NET Core functions available from Blazor WebAssembly

Proposed Solution

Offer an alternative signing algorithm

Describe alternatives you've considered

Additional Context

Environment

This is a :rocket: Feature Request

tmay57 commented 3 years ago

This issue is broader than just signing requests. Here are a list of the System.Security.Cryptography lib api used in aws-sdk-net that are not currently supported in WASM: ICryptoTransform SymmetricAlgorithm PaddingMode.PKCS7 CipherMode.CBC Aes CryptoStream CryptoStreamMode.Read KeyedHashAlgorithm HMACSHA256() HMACSHA1() HashAlgorithm HashAlgorithmName RSAParameters RSACryptoServiceProvider RSAEncryptionPadding.Pkcs1 CipherMode.ECB AsymmetricProvider SymmetricProvider System.Security.Cryptography.X509Certificates X509Certificate2

To generate this list yourself and explore specific details, follow these steps:

git clone https://github.com/aws/aws-sdk-net.git

Open the aws-sdk-net/sdk/AWSSDK.NetStandard.sln in Visual Studio. Use “find in files” on the search string “System.Security.Cryptography”. About 20 files are found with references.

Examine each file for references to the Cryptography library. For each file, comment out the using reference and then look at each reference that code analysis indicates has an error. Compare that reference to the list of api currently supported in the WASM version of the Cryptography library. https://docs.microsoft.com/en-us/dotnet/core/compatibility/cryptography/5.0/cryptography-apis-not-supported-on-blazor-webassembly

Any reference not currently supported by the WASM version of the Cryptography library will throw an exception when used in a Blazor client.

Perhaps you guys could have a heart-to-heart with the .NET team about this.

adamhathcock commented 3 years ago

I'm interested in this too. Looks like the runtime issue is here: https://github.com/dotnet/runtime/issues/40074 looks like it got bumped to .NET 7

Perhaps bouncycastle could be used? The portable version might work: https://github.com/novotnyllc/bc-csharp

I realize changing to anything else is non-trivial.

github-actions[bot] commented 2 years ago

We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.

ashovlin commented 1 year ago

Reopening while troubleshooting a scenario from an internal user now that .NET 7 has launched.

Targeting .NET 7 (and configuring CORS for my bucket) I am now able to run the following in a Blazor WebAssembly app.

@page "/s3"

@using Amazon;
@using Amazon.S3;
@using Amazon.S3.Model;

<PageTitle>Load From S3</PageTitle>

<p>Message from S3: @s3Message</p>

<button class="btn btn-primary" @onclick="LoadFromS3">Click me</button>

@code {
    private string s3Message = "";

    private async Task LoadFromS3()
    {
        var credentials = <redacted>;

        var config = new AmazonS3Config
        {
            UseAlternateUserAgentHeader = true,
            RegionEndpoint = Amazon.RegionEndpoint.USEast1
        };

        var client = new AmazonS3Client(credentials, config);

        var request = new GetObjectRequest
        {
            BucketName = "<bucket>",
            Key = "<key>"
        };

        var response = await client.GetObjectAsync(request);
        s3Message = new StreamReader(response.ResponseStream).ReadToEnd();
    }
}

Needing UseAlternateUserAgentHeader is somewhat subtle, we may want to consider improving our documentation and/or more fully testing the SDK in Blazor WebAssembly and .NET 7.

skirk-mpr commented 11 months ago

@ashovlin -- thanks for sharing/point this work around [this is super exciting given my desire to use the AWS SDK with a Blazor WASM app]!

I was able to reproduce this exactly on my end with updating the CORS policy on my target bucket and retrieving data from an object in a bucket, as well as with ListObjectsV2Async. However, if I try some other S3 operations that are not specific to a bucket (which one can enable CORS on -- e.g. ListBuckets) - I get a CORS error. Is this expected?