AWS SDK Version 3 for .NET
API Reference


Temporary credentials that are created following successful authentication with a federated endpoint supporting SAML.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AWSCredentials
    Amazon.Runtime.RefreshingAWSCredentials
      Amazon.Runtime.StoredProfileFederatedCredentials

Namespace: Amazon.Runtime
Assembly: AWSSDK.Core.dll
Version: 3.x.y.z

Syntax

C#
public class StoredProfileFederatedCredentials : RefreshingAWSCredentials

The StoredProfileFederatedCredentials type exposes the following members

Constructors

Name | Description
Public Method StoredProfileFederatedCredentials()

Constructs an instance of StoredProfileFederatedCredentials using the profile name specified in the App.config. If no profile name is specified then the default credentials are used.

Public Method StoredProfileFederatedCredentials(string)

Constructs an instance of StoredProfileFederatedCredentials. Credentials will be searched for using the profileName parameter.

Public Method StoredProfileFederatedCredentials(string, string)

Constructs an instance of StoredProfileFederatedCredentials. After construction call one of the Authenticate methods to authenticate the user/process and obtain temporary AWS credentials.

For users who are domain joined (the role profile does not contain user identity information), the temporary credentials will be refreshed automatically as needed. Non-domain-joined users (those with user identity data in the profile) are required to re-authenticate when credential refresh is required. An exception is thrown when an attempt is made to refresh credentials in this scenario. The consuming code of this class should catch the exception and prompt the user for credentials, then call Authenticate to re-initialize with a new set of temporary AWS credentials.

Public Method StoredProfileFederatedCredentials(string, string, WebProxy)

Constructs an instance of StoredProfileFederatedCredentials. After construction call one of the Authenticate methods to authenticate the user/process and obtain temporary AWS credentials.

For users who are domain joined (the role profile does not contain user identity information), the temporary credentials will be refreshed automatically as needed. Non-domain-joined users (those with user identity data in the profile) are required to re-authenticate when credential refresh is required. An exception is thrown when an attempt is made to refresh credentials in this scenario. The consuming code of this class should catch the exception and prompt the user for credentials, then call Authenticate to re-initialize with a new set of temporary AWS credentials.

Properties

Name | Type | Description
Public Property CustomCallbackState System.Object

Custom state to return to the registered callback to handle credential requests. The data will be contained in the CredentialRequestCallbackArgs instance supplied to the callback.

Public Property PreemptExpiryTime System.TimeSpan

Inherited from Amazon.Runtime.RefreshingAWSCredentials.

Public Property ProfileData Amazon.Util.SAMLRoleProfile

The data about the SAML endpoint and any required user credentials parsed from the profile.

Public Property ProfileName System.String

Name of the profile being used.

Public Property ProfilesLocation System.String

Location of the profiles, if used.

Methods

Note:

Asynchronous operations (methods ending with Async) in the table below are for .NET 4.5 or higher. For .NET 3.5 the SDK follows the standard naming convention of BeginMethodName and EndMethodName to indicate asynchronous operations - these method pairs are not shown in the table below.

Name | Description
Public Method Static Method CanCreateFrom(string, string)

Tests if an instance can be created from the persisted profile data.

Public Method ClearCredentials()

Inherited from Amazon.Runtime.RefreshingAWSCredentials.

Public Method GetCredentials()

Inherited from Amazon.Runtime.RefreshingAWSCredentials.

Public Method GetCredentialsAsync()

Inherited from Amazon.Runtime.RefreshingAWSCredentials.

Public Method SetCredentialCallbackData(StoredProfileFederatedCredentials.RequestUserCredential, object)

Registers a callback handler for scenarios where credentials need to be supplied during user authentication (primarily the non-domain-joined use case). Custom data, which will be supplied in the CredentialRequestCallbackArgs instance passed to the callback, can also be supplied.

The callback will only be invoked if the underlying SAML role profile indicates it was set up for use with a specific identity. For profiles that do not contain any user identity, the SDK will default to using the identity of the current process during authentication. Additionally, if the profile contains user identity information but no callback has been registered, the SDK will also attempt to use the current process identity during authentication.
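The following is an added example, not code from the SDK documentation, showing one way to register the credential callback for a non-domain-joined profile so the password is read without echo, never logged, and prompts are bounded. Assumptions not stated on this page: the profile name is hypothetical, the two string arguments are the profile name and profiles location (null selecting the SDK store), the RequestUserCredential delegate returns a System.Net.NetworkCredential, and CredentialRequestCallbackArgs exposes UserIdentity, CustomState and PreviousAuthenticationFailed.

```csharp
using System;
using System.Net;
using System.Text;
using Amazon.Runtime;

static class SamlCallbackExample
{
    const string ProfileName = "saml-role-profile"; // hypothetical profile name
    const int MaxPrompts = 3;                       // bound on password prompts

    // Reads a password from the console without echoing it.
    static string ReadSecret(string prompt)
    {
        Console.Write(prompt);
        var sb = new StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else if (!char.IsControl(key.KeyChar)) sb.Append(key.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }

    // Invoked by the SDK only when the profile carries a user identity.
    // Assumed shape: returns NetworkCredential; args has the members used below.
    static NetworkCredential OnCredentialRequest(CredentialRequestCallbackArgs args)
    {
        var prompts = (int[])args.CustomState; // the object passed at registration
        if (++prompts[0] > MaxPrompts)
            throw new OperationCanceledException("Too many sign-in attempts.");
        if (args.PreviousAuthenticationFailed)
            Console.Error.WriteLine("Previous authentication attempt failed.");
        string password = ReadSecret("Password for " + args.UserIdentity + ": ");
        return new NetworkCredential(args.UserIdentity, password);
    }

    static void Main()
    {
        // Assumption: a null profiles location selects the SDK store.
        if (!StoredProfileFederatedCredentials.CanCreateFrom(ProfileName, null))
            throw new InvalidOperationException("Profile is missing or not a SAML role profile.");
        var credentials = new StoredProfileFederatedCredentials(ProfileName, null);
        credentials.SetCredentialCallbackData(OnCredentialRequest, new int[1]);
        ImmutableCredentials keys = credentials.GetCredentials();
        // Report only that credentials exist; never write key material to output.
        Console.WriteLine("Temporary credentials obtained; session token present: " + keys.UseToken);
    }
}
```

Registering the callback explicitly avoids the silent fallback to the current process identity described above when a profile names a specific user.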

Fields

Name | Type | Description
Field Static Field MaximumCredentialTimespan System.TimeSpan

The maximum allowed timespan for generated credentials, per STS documentation.

Field Static Field MinimumCredentialTimespan System.TimeSpan

The minimum allowed timespan for generated credentials, per STS documentation.

Remarks

1. Currently only the SDK store supports profiles that contain the necessary data to support authentication and role-based credential generation. The ini-format files used by the AWS CLI and some other SDKs are not supported at this time.
2. In order to use the StoredProfileFederatedCredentials class the AWSSDK.SecurityToken assembly must be available to your application at runtime.

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5