New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AmazonSecurityTokenServiceClient AssumeRoleAsync duplicated user agent header causes SignatureDoesNotMatch error #2567
Comments
Reproducible intermittently (only if network monitoring tool is running in background) using the below code (using using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
string accessKey = "<<access-key>>";
string secretKey = "<<secret-key>>";
string roleArn = "<<arn-of-role-to-assume>>";
var parallelTasks = Enumerable.Range(0, 6).Select(i =>
{
return Task.Run(async () =>
{
using AmazonSecurityTokenServiceClient STSClient = new AmazonSecurityTokenServiceClient(accessKey, secretKey);
AssumeRoleResponse response = await STSClient.AssumeRoleAsync(new AssumeRoleRequest()
{
RoleArn = roleArn,
DurationSeconds = 3600,
RoleSessionName = Guid.NewGuid().ToString()
});
Console.WriteLine($"Iteration {i}, response: {response.Credentials}");
});
});
await Task.WhenAll(parallelTasks); Launched Fiddler in background to capture network traffic. Failed Fiddler trace:
However, the issue is reproducible only if network monitoring tool (Fiddler in this case) is running in background to capture network traffic. Needs review with the team. @Xriuk Please share the following:
Thanks, |
Yes, I confirm that I had Fiddler open in the background, also without it open it seems that everything works. |
@Xriuk Thanks for your response. Fiddler is a network proxy tool, so I'm unsure if there is an issue with fiddler which is messing up the user agent header. Please confirm if this issue is closed since it's not feasible to troubleshoot Fiddler issue. Thanks, |
|
Describe the bug
I'm signing Amazon SP-API requests with my AWS role, I have a service which has two (or more) instances running in parallel via Tasks each instance tries to assume the same AWS role and one of them fails.
I inspected the requests and the one failing has the
user-agent
header which gets duplicated.I had no problems until I ran 2 services in parallel.
Here's my code:
Here's the request that succeeds:
And here's the one failing:
As you can see the
user-agent
header is repeated twiceExpected Behavior
The request should have the correct
user-agent
headerCurrent Behavior
The request fails with the response:
Reproduction Steps
Try to run two (or more) Tasks in parallel which try to assume the same role
Possible Solution
No response
Additional Information/Context
No response
AWS .NET SDK and/or Package version used
AWSSDK.SecurityToken 3.7.101.8
Targeted .NET Platform
.NET 6
Operating System and version
Windows 10
The text was updated successfully, but these errors were encountered: