Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS SDK for .NET can't access credentials with IIS

I'm having some trouble accessing the AWS credentials in the SDK Store, but it seems to only be a problem when running under IIS. If I hit the same code by invoking an NUnit test with ReSharper the dependency injection works and the S3 client is able to authenticate.

IAmazonS3 s3Client = new AmazonS3Client();

Has anyone else run into this problem? How were you able to get the dependency injection to work?

[Edit]

The credential file approach has been recommended for use with IIS because the SDK Store encrypts the credentials differently for each user. I can only get a credentials file to work if I hard-code the path in the appSettings which I do not want to do.

Where would the SDK look for the credentials file besides the below paths?

C:\Users\<IIS_app_name>\.aws\credentials
C:\Users\<my_domain_user>\.aws\credentials
like image 841
tponthieux Avatar asked Aug 29 '14 01:08

tponthieux


2 Answers

The question was answered under Pavel's answer, but I'll post an answer to make the information easier to consume. You can specify the credentials file location in the webLocal.config (I wasn't able to get it to work without that). When the app is deployed, the credentials file location will be an invalid path, and the SDK will fail over to using the IAM role for the EC2 instance.

webLocal.config

<?xml version="1.0"?>
<appSettings>
    <!-- AWS -->
    <add key="AWSProfilesLocation" value="C:\Users\<IIS_app_name>\.aws\credentials" />
    <add key="AWSRegion" value="us-west-2" />
    <add key="S3Bucket" value="bucket." />
</appSettings>

The dependency injection will work when you instantiate a client without arguments.

IAmazonS3 s3Client = new AmazonS3Client();
like image 169
tponthieux Avatar answered Sep 19 '22 15:09

tponthieux


The SDK Store saves the credentials under the C:\Users\<username>\AppData\Local\AWSToolkit folder, so unless IIS is being run under the same account as the NUnit tests, IIS will not be able to access the same credentials.

This blog discusses the various options for storing and using credentials. In your case, it looks like a better option would be to use the credentials file.

like image 40
Pavel Safronov Avatar answered Sep 18 '22 15:09

Pavel Safronov