Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Gateway Signature 4 error #958

Closed
niraj-bpsoftware opened this issue May 20, 2018 · 1 comment
Closed

API Gateway Signature 4 error #958

niraj-bpsoftware opened this issue May 20, 2018 · 1 comment
Labels
guidance Question that needs advice or information.

Comments

@niraj-bpsoftware
Copy link

niraj-bpsoftware commented May 20, 2018
edited

I am trying to invoke API mentioned in URL above using AWS_IAM and facing issues for signature 4 calculations.

Expected Behavior

API Gateway invoke should be successful with signed requests.

Current Behavior

To sign the request, there is not out of box code available at the moment for .NET. I am taking reference from following codebase from AWS Documentation for signing the request:

https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html?shortFooter=true#sig-v4-examples-using-sdk-dotnet

In above solution, I have added the file ApiGatewayGet.cs to make Get request call.

`public class ApiGatewayGet
{
    static readonly string AWSAccessKey = ConfigurationManager.AppSettings["AWSAccessKey"];
    static readonly string AWSSecretKey = ConfigurationManager.AppSettings["AWSSecretKey"];
    static readonly string AWSSessionToken = ConfigurationManager.AppSettings["AWSSessionToken"];
    /// <summary>
    /// Request the content of an object from the specified bucket using virtual hosted-style 
    /// object addressing.
    /// </summary>
    public static void Run(string region, string apikey, string resourcemethod)
    {
        Console.WriteLine("ApiGatewaySample");

        var endpointUri = string.Format("https://{0}.execute-api.{1}.amazonaws.com/{2}",
                                           apikey,
                                            region,
                                            resourcemethod);
        var uri = new Uri(endpointUri);

        // for a simple GET, we have no body so supply the precomputed 'empty' hash
        var headers = new Dictionary<string, string>
        {
            {AWS4SignerBase.X_Amz_Content_SHA256, AWS4SignerBase.EMPTY_BODY_SHA256},
            {"content-type", "application/json"}
        };

        var signer = new AWS4SignerForAuthorizationHeader
        {
            EndpointUri = uri,
            HttpMethod = "GET",
            Service = "execute-api",
            Region = "ap-southeast-2"
        };
        // construct the query parameter string to accompany the url
        var queryParams = new StringBuilder();
        queryParams.AppendFormat("{0}={1}", AWS4SignerBase.X_Amz_Expires, JsonConvert.SerializeObject(filter));
        headers.Add("X-Amz-Security-Token", AWSSessionToken);
        var authorization = signer.ComputeSignature(headers,
                                                    "Id=1",   //query parameter
                                                    AWS4SignerBase.EMPTY_BODY_SHA256,
                                                    AWSAccessKey,
                                                    AWSSecretKey);

        // place the computed signature into a formatted 'Authorization' header 
        // and call S3
        headers.Add("Authorization", authorization);
        
        //headers.Add("X-Amz-Security-Token", "true");
        Console.WriteLine("Authroization:  ");
        Console.WriteLine(authorization);

        HttpHelpers.InvokeHttpRequest(uri, "GET", headers, null);
        Console.ReadLine();
    }
}`

I am calling the Run method of ApiGatewayGet.cs classs as below:
Console.WriteLine("************************************************");
ApiGatewayGet.Run(awsRegion, "lgiiaz1lt2", "DEV/locations");

However it throws following error:
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}

However, I am able to make this same call successfully through POSTMAN. So there is some error in signature calculations here which I am not able to detect.

Possible Solution

Ideally SDK should provide signing requests out of the box. It's been in feature request list for quite a long time (#397)

If anyone can suggest what am I missing here or suggest a code that works for signing requests to invoke AWS API Gateway calls, it would be helpful.

Steps to Reproduce (for bugs)

  1. Download and open solution: http://docs.aws.amazon.com/AmazonS3/latest/API/samples/AmazonS3SigV4_Samples_CSharp.zip.
  2. Add ApiGatewayGet.cs class mentioned above.
  3. Provide SecretKey, AccessKey and SessionToken in App.Config.
  4. Add following code in Program.cs file in solution. You can comment out existing code.
    Console.WriteLine("************************************************"); ApiGatewayGet.Run(awsRegion, "lgiiaz1lt2", "DEV/locations");
  5. Run the solution

Context

Your Environment

  • AWSSDK.Core version used: NA
  • Service assembly and version used: NA
  • Operating System and version: NA
  • Visual Studio version: 2017
  • Targeted .NET platform: 4 or higher
@sstevenkang
Copy link
Contributor

The signer in the SDK is not meant to be used to sign API Gateway requests. Unfortunately you may have to roll your own signer using the SDK's signer as an example.

@klaytaybai klaytaybai added the guidance Question that needs advice or information. label Jan 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
guidance Question that needs advice or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sstevenkang @klaytaybai @niraj-bpsoftware