使用 Lambda for .NET 中的 AWS Cognito

Question

我正在尝试 AWS 中未经身份验证/匿名的用户访问，并希望通过 Lambda 从 Cognito 获取生成的令牌。

由于以下错误，我无法让它在 lambda 中运行。

This functionality is not implemented in the portable version of this assembly

{
  "errorType": "NotImplementedException",
  "errorMessage": "This functionality is not implemented in the portable version of this assembly. You should reference the AWSSDK.Core NuGet package from your main application project in order to reference the platform-specific implementation.",
  "stackTrace": [
    "at Amazon.Util.Internal.PlatformServices.ApplicationSettings.GetValue(String key, ApplicationSettingsMode mode)",
    "at Amazon.CognitoIdentity.CognitoAWSCredentials.GetCachedIdentityId()",
    "at Amazon.CognitoIdentity.CognitoAWSCredentials..ctor(String accountId, String identityPoolId, String unAuthRoleArn, String authRoleArn, IAmazonCognitoIdentity cibClient, IAmazonSecurityTokenService stsClient)",
    "at Amazon.CognitoIdentity.CognitoAWSCredentials..ctor(String accountId, String identityPoolId, String unAuthRoleArn, String authRoleArn, RegionEndpoint region)",
    "at AwsDotnetCsharp.AuthHandler.Get(APIGatewayProxyRequest request, ILambdaContext context)",
    "at lambda_method(Closure , Stream , Stream , ContextInfo )"
  ]
}

Lambda 是较新的 C# dotnet 核心版本，而不是 javascript。我在 project.json 中引用 AWSSDK.Core 和 AWSSDK.SecurityToken

CognitoAWSCredentials 与 dotnet 核心（.net 标准 1.6）不兼容（目前），在 nuget 网站上认为它是 3.3.1.1 版（https://www.nuget.org/packages/AWSSDK.CognitoIdentity/）。

我的 lambda 代码是 ...（可能不正确，但我无法让它运行以继续前进）

public class AuthHandler
    {
        public APIGatewayProxyResponse Get(APIGatewayProxyRequest request, ILambdaContext context)
        {
            CognitoAWSCredentials credentials =
                new CognitoAWSCredentials("us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", Amazon.RegionEndpoint.USEast1);

            var identityPoolId = credentials.GetIdentityIdAsync();

            AmazonCognitoIdentityClient cognitoClient = new AmazonCognitoIdentityClient(
                credentials, // the anonymous credentials
                Amazon.RegionEndpoint.USEast1 // the Amazon Cognito region
            );

            GetIdRequest idRequest = new GetIdRequest();
            idRequest.AccountId = "############";
            idRequest.IdentityPoolId = identityPoolId.Result;

            var idResp = cognitoClient.GetIdAsync(idRequest);

            var id = idResp.Result.IdentityId;

            var response = new APIGatewayProxyResponse
            {
                StatusCode = (int)HttpStatusCode.OK,
                Body = $"{{ \"{id}\" }}",
                Headers = new Dictionary<string, string> { { "Content-Type", "application/json" } }
            };

            return response;
        }
    }

需要什么才能让它工作？

Answer 1

这里的主要问题是 .net Framework 4.5 和 .net Standard 的 AWSSDK.Core 模块没有实现 Amazon.Util.Internal.PlatformServices.IApplicationSettings 接口。异常消息表明它仅针对特定平台版本实现，例如 Xamarin、Windows Phone 和 Windows Universal。您可以在此处查看实现：https://github.com/aws/aws-sdk-net/tree/master/sdk/src/Core/Amazon.Util/Internal/PlatformServices

您需要通过直接调用AmazonCognitoIdentityClient 来解决它，而不是使用CognitoAWSCredentials 对象。

使用客户端获取 AWS 身份的示例位于 https://aws.amazon.com/blogs/mobile/use-amazon-cognito-in-your-website-for-simple-aws-authentication/

// initialize a set of anonymous AWS credentials for our API calls
AnonymousAWSCredentials cred = new AnonymousAWSCredentials ();

// initialize the Cognito identity client and prepare a request object
// to get the identity id
AmazonCognitoIdentityClient cognitoClient = new AmazonCognitoIdentityClient(
    cred, // the anonymous credentials
    RegionEndpoint.USEast1 // the Amazon Cognito region
);

GetIdRequest idRequest = new GetIdRequest ();
idRequest.AccountId = "YOUR_AWS_ACCOUNT_ID";
idRequest.IdentityPoolId = "YOUR_COGNITO_IDENTITY_POOL_ID";
// set the Dictionary of logins if you are authenticating users 
// through an identity provider
//idRequest.Logins = new Dictionary {
//  { "graph.facebook.com", "FacebookSessionToken" }
//};

// The identity id is in the IdentityId parameter of the response object
GetIdResponse idResp = cognitoClient.GetId (idRequest);