AWS SDK access key logins don't function under .net core 2.1

[replaysMike]

I spent quite a bit of time fighting this error after realizing it was only ocurring on .net core 2.1 projects - seems fine under .net core 2.0.

Expected Behavior

Authenticating for SQS services should accept valid access key credentials.

Current Behavior

An error is thrown, the dreaded: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method

Possible Solution

Only solution currently is to switch your project to .net core 2.0.

Steps to Reproduce (for bugs)

Using correct credentials, try connecting to the amazon api endpoints.

Context

Using the latest Amazon SQS client for .net when trying to AmazonSQSClient.GetQueueUrlAsync() the web services throws the following error:

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/

content-type:application/x-www-form-urlencoded; charset=utf-8
host:sqs.us-east-1.amazonaws.com
user-agent:aws-sdk-dotnet-coreclr/3.3.3.5, aws-sdk-dotnet-core/3.3.21.19, .NET_Core/4.6.26406.07, OS/Microsoft_Windows_10.0.16299, ClientAsync
x-amz-content-sha256:5097dc521171db37cc3c6bdf00671b922eb1d4bc20f0c6eb7a359850f99942d1
x-amz-date:20180417T022827Z

content-type;host;user-agent;x-amz-content-sha256;x-amz-date
5097dc521171db37cc3c6bdf00671b922eb1d4bc20f0c6eb7a359850f99942d1'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20180417T022827Z
20180417/us-east-1/sqs/aws4_request
d37312e110443eb0c9f5faed75e96b78130f4a33958e17df3f3c4fdf485181e5'

Your Environment

• AWSSDK.Core version used: 3.3.21.19
• Service assembly and version used:
• Operating System and version: Windows 10 x64
• Visual Studio version: VS2017 preview-3 15.7.0
• Targeted .NET platform: 4.5, /NETStandard 2.0

.NET Core Info

.Net core 2.1

[replaysMike]

I'm unable to capture the request under .net core 2.1, perhaps because no request is being issued. It may be failing the precheck before a request is issued, and there doesn't seem to be an easy way to see what exactly it's generating beforehand.

[bmarder]

@replaysMike Set environement appsetting DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER to 0 as a temporary fix.

See https://blogs.msdn.microsoft.com/dotnet/2018/04/11/announcing-net-core-2-1-preview-2/ and the section "Sockets Performance and SocketsHttpHandler" for more details.

[replaysMike]

great suggestion! In code I set: AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false); and the problem is solved. I was unable to get it to work when setting via configProperties in runtimeconfig.json, but I'm fine with a code level solution.

Much thanks for finding that!

[sstevenkang]

@replaysMike I am going to keep this open because we would like to investigate why manged http handler fails to make requests to AWS.

[normj]

The issue is related to this GitHub issue https://github.com/dotnet/corefx/issues/28951 from the .NET repo. The basic issue is the user agent string is getting converted by the .NET HttpClient to be a comma delimited string which is different that was used when the SDK computed the signature. A fix was checked in and I confirmed from the daily builds that the AWS SDK is working again. I'm confirming on the issue that the change is going out with .NET Core 2.1 which I assume is the plan.

[normj]

I'm going to close this as I got confirmation that the issue is fixed for the next release prerelease of .NET Core 2.1