Open genifycom opened 3 years ago
This issue is broader than just signing requests. Here is a list of the System.Security.Cryptography lib APIs used in aws-sdk-net that are not currently supported in WASM:
- ICryptoTransform
- SymmetricAlgorithm
- PaddingMode.PKCS7
- CipherMode.CBC
- Aes
- CryptoStream
- CryptoStreamMode.Read
- KeyedHashAlgorithm
- HMACSHA256()
- HMACSHA1()
- HashAlgorithm
- HashAlgorithmName
- RSAParameters
- RSACryptoServiceProvider
- RSAEncryptionPadding.Pkcs1
- CipherMode.ECB
- AsymmetricProvider
- SymmetricProvider
- System.Security.Cryptography.X509Certificates
- X509Certificate2
To generate this list yourself and explore specific details, follow these steps:
git clone https://github.com/aws/aws-sdk-net.git
Open the aws-sdk-net/sdk/AWSSDK.NetStandard.sln in Visual Studio. Use “find in files” on the search string “System.Security.Cryptography”. About 20 files are found with references.
Examine each file for references to the Cryptography library. For each file, comment out the using reference and then look at each reference that code analysis indicates has an error. Compare that reference to the list of api currently supported in the WASM version of the Cryptography library. https://docs.microsoft.com/en-us/dotnet/core/compatibility/cryptography/5.0/cryptography-apis-not-supported-on-blazor-webassembly
Any reference not currently supported by the WASM version of the Cryptography library will throw an exception when used in a Blazor client.
Perhaps you guys could have a heart-to-heart with the .NET team about this.
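The manual audit in the steps above (search for "System.Security.Cryptography", then compare each reference against the unsupported list) can be scripted. The following Python script is an added example, not part of the original comment or of aws-sdk-net; `FLAGGED`, `scan_source`, `scan_tree` and the sample input are names and data constructed for illustration, and the API list is copied from this thread rather than from the current Microsoft compatibility page.

```python
import re
import sys
from pathlib import Path

# Names copied from the list in the comment above (the thread's list, not re-verified).
FLAGGED = [
    "ICryptoTransform", "SymmetricAlgorithm", "PaddingMode.PKCS7",
    "CipherMode.CBC", "CipherMode.ECB", "Aes", "CryptoStream",
    "CryptoStreamMode.Read", "KeyedHashAlgorithm", "HMACSHA256", "HMACSHA1",
    "HashAlgorithm", "HashAlgorithmName", "RSAParameters",
    "RSACryptoServiceProvider", "RSAEncryptionPadding.Pkcs1",
    "AsymmetricProvider", "SymmetricProvider", "X509Certificate2",
]
# Whole-identifier match, so "Aes" does not hit "AesManaged" and
# "HashAlgorithm" does not hit "HashAlgorithmName".
PATTERNS = {n: re.compile(r"(?<!\w)" + re.escape(n) + r"(?!\w)") for n in FLAGGED}

def scan_source(text):
    """Return {api_name: [line numbers]} for the text of one C# file."""
    if "System.Security.Cryptography" not in text:  # same search string as the steps
        return {}
    hits = {}
    for number, line in enumerate(text.splitlines(), 1):
        code = line.split("//", 1)[0]  # crude: drops // comments (and URLs in strings)
        for name, pattern in PATTERNS.items():
            if pattern.search(code):
                hits.setdefault(name, []).append(number)
    return hits

def scan_tree(root):
    report = {}
    for path in sorted(Path(root).rglob("*.cs")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample input, not taken from aws-sdk-net.
SAMPLE = """using System.Security.Cryptography;
class Signer {
    // HMACSHA1 is only mentioned in this comment
    byte[] Sign(byte[] k, byte[] d) { using var h = new HMACSHA256(k); return h.ComputeHash(d); }
    HashAlgorithmName Name => HashAlgorithmName.SHA256;
}
"""

if __name__ == "__main__":
    report = scan_tree(sys.argv[1]) if sys.argv[1:] else {"SAMPLE": scan_source(SAMPLE)}
    print(report)
```

Pass the path of a cloned source tree as the first argument to scan it; with no argument the script reports on the embedded sample.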
I'm interested in this too. Looks like the runtime issue is here: https://github.com/dotnet/runtime/issues/40074. Looks like it got bumped to .NET 7.
Perhaps bouncycastle could be used? The portable version might work: https://github.com/novotnyllc/bc-csharp
I realize changing to anything else is non-trivial.
We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.
Reopening while troubleshooting a scenario from an internal user now that .NET 7 has launched.
Targeting .NET 7 (and configuring CORS for my bucket) I am now able to run the following in a Blazor WebAssembly app.
```razor
@page "/s3"
@using Amazon;
@using Amazon.S3;
@using Amazon.S3.Model;

<PageTitle>Load From S3</PageTitle>

<p>Message from S3: @s3Message</p>
<button class="btn btn-primary" @onclick="LoadFromS3">Click me</button>

@code {
    private string s3Message = "";

    private async Task LoadFromS3()
    {
        // Credentials redacted by the author.
        var credentials = <redacted>;

        var config = new AmazonS3Config
        {
            // Report SDK version info in x-amz-user-agent instead of User-Agent.
            UseAlternateUserAgentHeader = true,
            RegionEndpoint = Amazon.RegionEndpoint.USEast1
        };

        var client = new AmazonS3Client(credentials, config);

        var request = new GetObjectRequest
        {
            BucketName = "<bucket>",
            Key = "<key>"
        };

        // The bucket needs a CORS configuration that allows the app's origin.
        var response = await client.GetObjectAsync(request);
        s3Message = new StreamReader(response.ResponseStream).ReadToEnd();
    }
}
```
Needing UseAlternateUserAgentHeader is somewhat subtle; we may want to consider improving our documentation and/or more fully testing the SDK in Blazor WebAssembly and .NET 7.
@ashovlin -- thanks for sharing/pointing out this workaround [this is super exciting given my desire to use the AWS SDK with a Blazor WASM app]!
I was able to reproduce this exactly on my end with updating the CORS policy on my target bucket and retrieving data from an object in a bucket, as well as with ListObjectsV2Async. However, if I try some other S3 operations that are not specific to a bucket (which one can enable CORS on -- e.g. ListBuckets) - I get a CORS error. Is this expected?
AWS SDK uses HmacSHA256 or HmacSHA1 for signing requests depending on the configuration, which are not available in WASM.
Microsoft plans to introduce HMACSHA* algorithms in .NET 7.
Describe the Feature
Use an alternative signing method for WASM
Is your Feature Request related to a problem?
It would be extremely useful to have AWSSDK .NET Core functions available from Blazor WebAssembly
Proposed Solution
Offer an alternative signing algorithm
Describe alternatives you've considered
Additional Context
Environment
This is a :rocket: Feature Request