S3 giving 403 Unauthorized in Xamarin/Mono

[johnbfair]

I'm currently getting an exception trying to build a sample application w/ the S3 TypeProvider.

Here's the request in Charles: GET / HTTP/1.1 Date Mon, 24 Feb 2014 18:48:11 GMT User-Agent S3Provider (https://github.com/theburningmonk/S3Provider/) Authorization AWS AKIAIQIY2NVSKQNBOWVA:c5kFZZe20qrpixqpZgCi6mRY9cM= Host s3.amazonaws.com

Here's the response in Charles:

<Error>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
    <StringToSignBytes>47 45 54 0a 0a 0a 4d 6f 6e 2c 20 32 34 20 46 65 62 20 32 30 31 34 20 31 38 3a 34 38 3a 31 31 20 47 4d 54 0a 2f</StringToSignBytes>
    <RequestId>5662283F4958880B</RequestId>
    <HostId>/3YHHXV/gCYDDR7pNqEWoUkc6+PvNrYP0Z54SBulNmD/nNGGf4juNXFRt10HB0FL</HostId>
    <SignatureProvided>c5kFZZe20qrpixqpZgCi6mRY9cM=</SignatureProvided>
    <StringToSign>GET
        Mon, 24 Feb 2014 18:48:11 GMT /</StringToSign>
    <AWSAccessKeyId>AKIAIQIY2NVSKQNBOWVA</AWSAccessKeyId>
</Error>

Here's the Exception generated by the S3Provider: /Users/jfair2/Sites/S3LogParser/S3LogParser/Program.fs(11,11): Error FS3021: Unexpected exception from provided type 'S3Provider.Account,awsKey="{removed}",awsSecret="{removed}"' member 'GetMethods': The type provider 'AwsProviders.S3Provider' reported an error: The remote server returned an error: (403) Forbidden. (FS3021) (S3LogParser)

PS I've deleted the key in AWS that was used to generate this failure for security reasons.

[theburningmonk]

Hi, I've been trying to replicate this and the only way I've managed to do so is by manually setting my system clock so that it's more than 15 minutes out-of-sync with AWS, or set my system clock to be in the wrong time zone.

The AWS authentication requires a time component using the current UTC time, which is why authentication fails in this case.

[johnbfair]

Hi Yan,

It just occurred to me that it could (i.e. likely is) be my corporate proxy. I'm going to re-run my experiment tonight from home and see if that solves it. Our proxy gets in the way of a number of things, so I wouldn't be surprised if this issue has been on my side the whole time.

Side question: are there any proxy settings (maybe at the SDK level) that you know of?

Sorry if this has been a wild goose chase. :frowning: John

[theburningmonk]

Ok, no worries, let me know how it goes with testing, I'll be interested to know if it is the proxy that's blocking the connections. Have you had trouble connecting to S3 using the AWSSDK for .Net or 3rd party tools like cyberduck or cloudberry explorer?

I'm not aware of any proxy settings at the AWSSDK level, and for the type provider I didn't want to add dependency to the SDK since it often gets in the way (since it's a strong named assembly it requires binding redirects if you already have a dependency against a different version of the AWSSDK to the one used by the type provider) with my other AWS-related libraries.

[johnbfair]

Nope, no issues w/ the proxy connecting to S3 any other way. But that doesn't necessarily mean we're out of the woods yet. :wink: Proxies are mischievous little things...

[theburningmonk]

What other ways have you tried? Maybe these 3rd party tools are doing something smart to deal with proxies.

Are you able to try from a different machine perhaps? Maybe one that's not behind a proxy just so that we can rule out proxy as a cause.

[johnbfair]

I tried off of our Proxy and it worked. Sorry for the noise! I should have guessed it was being a jerk. :wink:

[theburningmonk]

No worries, good to know that proxies can interfere in this way. Interesting that it doesn't seem to impact when you access S3 in other ways, need to look into that.