AmazonS3Client constructor in .Net Core throws when running on Service Fabric (windows only)

[stefando]

I need to upload data to S3 from dotnet core service on Service Fabric cluster.

Expected behavior:

I should be able to use aswsdk.s3 nuget and upload data.

Actual behavior:

The following code throws:

var s3 = new AmazonS3Client(awsAccountKey, awsSecret, RegionEndpoint.EUCentral1);

System.TypeInitializationException: 'The type initializer for 'Amazon.Runtime.Internal.DeterminedCSMConfiguration' threw an exception.'
Inner exception: UnauthorizedAccessException: Access to the path 'C:\WINDOWS\system32\config\systemprofile' is denied.

Context

The code only throws when running on windows Service Fabric cluster + dotnet core.
It runs OK in these environments:

• Standalone dotnet core application (as normal user as well as Network Service (via PSExec)
• On Service Fabric cluster on the full framework (net462)
• On Linux Service Fabric cluster + dotnet core

My Environment

• netcoreapp2.1
• AWSSDK.S3 Version="3.3.25"
• Microsoft.ServiceFabric.Services Version="3.2.187"

[normj]

Looks like you have uncovered an issue with a new feature that was added to version 3.3.26 of AWSSDK.Core which AWSSDK.S3 uses. I'll take a look at getting that fixed but I believe you can work around the issue now by using version 3.3.24.0 of AWSSDK.S3. You also might want to take an explicit dependency on version 3.3.25.4 of AWSSDK.Core so you for sure aren't bring in 3.3.26.

I'll work on getting the fix out for the latest AWSSDK.Core so nobody is forced to use older versions.

[monty241]

Same on CloudWatch with Core on latest SDK.

[costleya]

This was resolved in AWSSDK.Core 3.3.27.3.

[monty241]

Tested with AWSSDK.CloudWatch v3.3.8.4 which has dependency core 3.3.27.3.

Still occurs:

11:16:17.65823-0-3: 11:16:12.46830-7: !! First chance exception handling of type 'UnauthorizedAccessException':
11:16:17.65823-0-3: 11:16:12.46830-7: Access to the path 'C:\Windows\system32\config\systemprofile\.aws\credentials' is denied.
11:16:17.65823-0-3: 11:16:12.47130-7: !! All stack traces:
11:16:17.65923-0-3: 11:16:12.47130-7: !!    at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
   at System.Environment.get_StackTrace()
   at Invantive.Data.Error.CurrentDomain_FirstChanceException(Object sender, FirstChanceExceptionEventArgs e)
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize, Boolean checkHost)
   at System.IO.File.InternalReadAllText(String path, Encoding encoding, Boolean checkHost)
   at Amazon.Runtime.Internal.Util.OptimisticLockedTextFile.Read()
   at Amazon.Runtime.Internal.Util.IniFile..ctor(String filePath)
   at Amazon.Runtime.CredentialManagement.SharedCredentialsFile.Refresh()
   at Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain.TryGetProfile(String profileName, CredentialProfile& profile)
   at Amazon.Runtime.Internal.ProfileCSMConfigs..ctor(ICredentialProfileSource source, CSMFallbackConfigChain cSMFallbackConfigChain)
   at Amazon.Runtime.Internal.CSMFallbackConfigChain.<.ctor>b__19_2()
   at Amazon.Runtime.Internal.CSMFallbackConfigChain.GetCSMConfig()
   at Amazon.Runtime.Internal.DeterminedCSMConfiguration..ctor()
   at Amazon.Runtime.Internal.DeterminedCSMConfiguration..cctor()
   at Amazon.Runtime.Internal.DeterminedCSMConfiguration.get_Instance()
   at Amazon.Runtime.AmazonServiceClient.BuildRuntimePipeline()
   at Amazon.CloudWatch.AmazonCloudWatchClient..ctor(String awsAccessKeyId, String awsSecretAccessKey, AmazonCloudWatchConfig clientConfig)
   at Invantive.Producer.WebhookReceiver.Daemon.Processor.ExecuteMonitoringEvents() in 

Checked properties of awssdk.cloudwatch.dll in use: file version 3.3.8.4. AWSSDK.Core: file version .3.3.27.3.

[sstevenkang]

re-opening.

[spati2]

Looking into it

[spati2]

Hi @monty241 . Thank you for getting back to us. I tried to replicate this scenario by creating a windows service application on .NET461 and tested it against latest Cloudwatch nuget package. I set a profile location that doesnt exist and it resulted in an UnauthorizedAccessException which was caught by the code here and the service application executed successfully. Could you provide more details so that we could repro your issue?

1. What is the framework of the windows service application?
2. Are you deploying your application on a different system?

Additionally could you clean all your nuget packages and try rerunning the application? https://stackoverflow.com/questions/30933277/how-to-clear-nuget-package-cache-using-command-line

[monty241]

Tested on Microsoft .NET 4.7.2, Windows 2012R2 (6.2.9200.0) with all updates, starting from service running as "SYSTEM" account, x64.

!! First chance exception handling of type 'UnauthorizedAccessException':
Access to the path 'C:\Windows\system32\config\systemprofile.aws\credentials' is denied.

Call stack was:

11:16:17.65823-0-3: 11:16:12.47130-7: !! All stack traces:
11:16:17.65923-0-3: 11:16:12.47130-7: !!    at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
   at System.Environment.get_StackTrace()
   at Invantive.Data.Error.CurrentDomain_FirstChanceException(Object sender, FirstChanceExceptionEventArgs e)
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize, Boolean checkHost)
   at System.IO.File.InternalReadAllText(String path, Encoding encoding, Boolean checkHost)
   at Amazon.Runtime.Internal.Util.OptimisticLockedTextFile.Read()
   at Amazon.Runtime.Internal.Util.IniFile..ctor(String filePath)
   at Amazon.Runtime.CredentialManagement.SharedCredentialsFile.Refresh()
   at Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain.TryGetProfile(String profileName, CredentialProfile& profile)
   at Amazon.Runtime.Internal.ProfileCSMConfigs..ctor(ICredentialProfileSource source, CSMFallbackConfigChain cSMFallbackConfigChain)
   at Amazon.Runtime.Internal.CSMFallbackConfigChain.<.ctor>b__19_2()
   at Amazon.Runtime.Internal.CSMFallbackConfigChain.GetCSMConfig()
   at Amazon.Runtime.Internal.DeterminedCSMConfiguration..ctor()
   at Amazon.Runtime.Internal.DeterminedCSMConfiguration..cctor()
   at Amazon.Runtime.Internal.DeterminedCSMConfiguration.get_Instance()
   at Amazon.Runtime.AmazonServiceClient.BuildRuntimePipeline()
   at Amazon.CloudWatch.AmazonCloudWatchClient..ctor(String awsAccessKeyId, String awsSecretAccessKey, AmazonCloudWatchConfig clientConfig)
   at Invantive.Producer.WebhookReceiver.Daemon.Processor.ExecuteMonitoringEvents() in 

[monty241]

When I should add verbose logging please let me know how to enable.

[spati2]

Could you provide a sample windows service for which you were able to repro this issue?

[spati2]

Also, could you confirm that you cleaned all your local Nuget packages?

[spati2]

Closing issue due to lack of activity. Please reopen if you are still facing the same issue.