Aws-sdk-net: StartWithSrpAuthAsync in AWSSDK.Extensions.CognitoAuthentication time out

The exception is saying there's a problem with the connection. Is this an intermittent issue? Or is it some issue with Xamarin? There's not enough detail here.

The exception is saying there's a problem with the connection. Is this an intermittent issue? Or is it some issue with Xamarin? There's not enough detail here.

This issue happens consistently. I reference the extension library directly and put a breakpoint on the line

  await Provider.RespondToAuthChallengeAsync(challengeRequest)

and that is where the issue happens

The issue appears to be related to TLS 1.2 for Mono / Xamarin only. It doesn't repro on desktop. The class HttpClientHandler that subclasses HttpMessageHandler does not work on Android and iOS.

sdk/src/Core/Amazon.Runtime/Pipeline/HttpHandler/_mobile/HttpRequestMessageFactory.cs

According to Xamarin documentations, in order to work with TLS 1.2, either you don't supply HttpMessageHandler or supply the native version on each platforms
https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?context=xamarin%2Fcross-platform&tabs=macos#ssltls-implementation-build-option

I change the HttpClient constructor in HttpRequestMessageFactory.cs to the parameterless one and it works

@assyadh I have the same issue after Update of Visual Studio to 15.8.5. There is a solution by @motoko89 . When can we expect a new version of nuget for xamarin? Because it blocks work or at least using the app by users

I have the same problem, it also occurred after upgrading Xamarin to the version (Mono 5.12, Xamarin.iOS 12) and (Mono 5.12, Xamarin.Android 9.0), but in (Mono 5.10.1, Xamarin.iOS 11.12) and (Mono 5.10.1, Xamarin.Android 8.3.3) works fine.
Is there a planned update for the nugets?

I'll check in with the maintainers and try to get an estimation for you. I don't think we can simply remove the HttpMessageHandler as a parameter without doing some additional work to keep all that other configuration logic.

Hi
We have also experienced this same issue today, it was working perfectly in the morning... we changed to using a different user pool and client and came across this issue. Changed back to the original and it was fine but a couple hours later the same thing happened to that one. We can't find any changes that we've made to the project, it's really frustrating. Any updates on this?

It is happening to me on the same iOS configuration as @chekodev (Mono 5.12, Xamarin.iOS 12)

Is there any news or known workaround?

@motoko89 what you mention about HttpRequestMessageFactory is an actual workaround? Do you have any example of this somewhere?

Thanks!

@johannperez I fork from aws-sdk-net and switch HttpClient to use default constructor. At first I was trying to preserve AWS Handler class but it proves to be a lot of work as they said. Note that this also means that settings such as max concurrent connection etc will not work but I don't need it in my case
https://github.com/motoko89/aws-sdk-net-xamarin/tree/mymaster

@motoko89 do I understand correctly that you have resolved the issue in your fork of aws-sdk?

@kirillpadx yes

@motoko89 Know of any method for importing your github fork into a visual studio project?

@johannperez I fork from aws-sdk-net and switch HttpClient to use default constructor. At first I was trying to preserve AWS Handler class but it proves to be a lot of work as they said. Note that this also means that settings such as max concurrent connection etc will not work but I don't need it in my case
https://github.com/motoko89/aws-sdk-net-xamarin/tree/mymaster

@motoko89 I'm a student trying to fix this issue for a project. How would I compile/import your AWS fork into a visual studio project?

Using the fix by @motoko89 alone I was not able to resolve the issue, but then I have found this article and by doing what was suggested in the article and using the AWSSDK.Core dll (only need for android rn) build from the @motoko89 fork to the sdk I was able to resolve the issue.

@Megalovania If you still need help with building the sdk I can give you some info on how I have build it.

Pls, let us know when you are going to resolve this issue, I updated to last version of VS 2017 and Xamarin (4.11.0.776) Xamarin.Android (9.0.0.19), Xamarin.iOS (12.0.0.15) and can't use neither packages Amazon.CognitoIdentityProvider nor Amazon.Extensions.CognitoAuthentication for authentication, all I recieve is:

Error getting response stream (ReadDoneAsync2): ReceiveFailure
at
Amazon.Runtime.HttpWebRequestMessage+<GetResponseAsync>d__20.MoveNext () [0x00156] in E:\JenkinsWorkspaces\v3-trebuchet-release\AWSDotNetPublic\sdk\src\Core\Amazon.Runtime\Pipeline\HttpHandler\_mobile\HttpRequestMessageFactory.cs:457

Right now, nobody can't log in our Android APP and iOS APP, so nobody can't use the app. As @motoko89 said, it's something about ASSDK.Core, but I don't know if it only affects Cognito Authentication or it affects other services.

Thanks in advance!

We're working on a resolution for this now. We have a possible fix based on feedback in this issue.
I'll update when we have more details.

The way I have solved the issue @danvasem :

1. build AWSSDK.Core dll from the fork by @motoko89
2. download and save locally AWSSDK.Core nuget using Nuget Package Explorer
3. remove the signature from the nuget (in Nuget Package Explorer) to allow modification
4. replace the AWSSDK.Core.dll (in my case only in lib/MonoAndroid10) with the corresponding dll from step (1) and then save the modified nuget (do not change the names/versions)
5. uninstall all AWS* nugets from the end project
6. then install the local Core nuget from step (4) into the project (from a custom nuget package source)
7. install the rest of the AWS* nugets from the original sources (in my case AWSSDK.Extensions.CognitoAuthentication)
8. Also do not forget to add reference to System.Net.Http in your android project as well as change the HttpClient to native in the project -> properties -> android options -> advanced (more on this step in my previous comment

This was the easiest way that I have found to solve the issue. My initial attempts were to build the entire sdk myself and pack with nuget, but that has proved to be quite problematic. Thus I have just settled with getting the Core dlls for the dotnet runtimes that I needed and forging modifying the existing nugets by AWS locally.

Thanks a lot to @motoko89 for finding the workaround!

Thank you @kirillpadx I followed your instructions and now my apps are working again, awesome!. I hope Amazon Team could give us a formal solution soon.

We've verified our fix and will get it released as soon as we can.

A fix has been released in the AWSSDK.Core 3.3.29.2 and AWSSDK.CognitoIdentityProvider 3.3.11.12 nuget packages.
You need to add an IHttpClientFactory implementation like:

public class MyHttpClientFactory : IHttpClientFactory
{
    public HttpClient CreateHttpClient(IClientConfig clientConfig)
    {
        // This implementation may change for your particular use case.
        // See https://docs.microsoft.com/en-us/xamarin/cross-platform/macios/http-stack?context=xamarin/ios and
        // https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?context=xamarin%2Fcross-platform&tabs=macos#ssltls-implementation-build-option
        // for guidance on creating HttpClients for your platform. 
        return new HttpClient();
    }
}

then instantiate your client like so:

var credentials = new BasicAWSCredentials("abc", "xyz");
var clientConfig = new AmazonCognitoIdentityProviderConfig();
clientConfig.RegionEndpoint = RegionEndpoint.USEast1;
clientConfig.HttpClientFactory = new MyHttpClientFactory();

using (var client = new AmazonCognitoIdentityProviderClient(credentials, clientConfig))
{
    ///use your client here
}

Using the fix by @motoko89 alone I was not able to resolve the issue, but then I have found this article and by doing what was suggested in the article and using the AWSSDK.Core dll (only need for android rn) build from the @motoko89 fork to the sdk I was able to resolve the issue.

@Megalovania If you still need help with building the sdk I can give you some info on how I have build it.

@motoko89 Thanks for the offer, but I managed to find a workaround.

I only encountered this issue while trying to authenticate my user pool using the Email Address or Phone Number option. Once I switched to authenticating through a Username this error stopped.

Quick note, using the former option sometimes resulted in a user not found error despite clearly having that user in the pool. Perhaps this is related to how the UserPool automatically replaces the email with a GUID for distinguishing accounts.

A fix has been released in the AWSSDK.Core 3.3.29.2 and AWSSDK.CognitoIdentityProvider 3.3.11.12 nuget packages.
You need to add an IHttpClientFactory implementation like:

public class MyHttpClientFactory : IHttpClientFactory
{
    public HttpClient CreateHttpClient(IClientConfig clientConfig)
    {
        // This implementation may change for your particular use case.
        // See https://docs.microsoft.com/en-us/xamarin/cross-platform/macios/http-stack?context=xamarin/ios and
        // https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?context=xamarin%2Fcross-platform&tabs=macos#ssltls-implementation-build-option
        // for guidance on creating HttpClients for your platform. 
        return new HttpClient();
    }
}

then instantiate your client like so:

var credentials = new BasicAWSCredentials("abc", "xyz");
var clientConfig = new AmazonCognitoIdentityProviderConfig();
clientConfig.RegionEndpoint = RegionEndpoint.USEast1;
clientConfig.HttpClientFactory = new MyHttpClientFactory();

using (var client = new AmazonCognitoIdentityProviderClient(credentials, clientConfig))
{
    ///use your client here
}

This release doesn't fix the issue if you are not using PCL, because all the new code are surrounded #if PCL. If you have project in .NET Standard, which is not PCL, you need to also add #if CORECLR around the new code @vellozzi

@motoko89 my project actually targets .NET Standard. I got so happy when I saw the comment about the official fix, only to get so sad when I saw your comment and the #if PCL macro in the code.

@vellozzi what was the problem with making this solution work for other .NET runtimes / .NET Standard? Why was the #if PCL needed to make this work?

@motoko89 & @kirillpadx I am also using .NET Standard and have been struggling with this issue. I've created a new project (a production version of my other one) and after installing the latest updates of AWSSDK.Core (3.3.29.4), AWSSDK.CognitoIdentityProvier (3.3.11.13) and AWSSDK.Extensions.CognitoAuthentication (0.9.4) my app works just fine, not running into any issues logging in. No need to import AWS libraries and change anything. Just works.

After upgrading to the latest package versions and

A fix has been released in the AWSSDK.Core 3.3.29.2 and AWSSDK.CognitoIdentityProvider 3.3.11.12 nuget packages.
You need to add an IHttpClientFactory implementation like:

public class MyHttpClientFactory : IHttpClientFactory
{
    public HttpClient CreateHttpClient(IClientConfig clientConfig)
    {
        // This implementation may change for your particular use case.
        // See https://docs.microsoft.com/en-us/xamarin/cross-platform/macios/http-stack?context=xamarin/ios and
        // https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?context=xamarin%2Fcross-platform&tabs=macos#ssltls-implementation-build-option
        // for guidance on creating HttpClients for your platform. 
        return new HttpClient();
    }
}

then instantiate your client like so:

var credentials = new BasicAWSCredentials("abc", "xyz");
var clientConfig = new AmazonCognitoIdentityProviderConfig();
clientConfig.RegionEndpoint = RegionEndpoint.USEast1;
clientConfig.HttpClientFactory = new MyHttpClientFactory();

using (var client = new AmazonCognitoIdentityProviderClient(credentials, clientConfig))
{
    ///use your client here
}

Upgrading to the latest packages and using them inside native iOS project and configuring HttpClient as suggested worked as expected

The change was meant to fix this very specific issue. We realize it can be useful to customize HTTP client creation for other reasons. But we're not ready to implement that across all versions of the SDK.

@kirillpadx
What's your use case for this in .NET Standard? It will help us determine if/when/how we implement this feature in the future.

After a reread of the thread it looks like apps that target .NET Standard are facing the exact same issue.
We'll investigate this.

We're taking up this discussion in https://github.com/aws/aws-sdk-net/issues/1115

@BryanGerre if you're still facing this issue, you can try the solution given by @motoko89 and @kirillpadx , I followed the instructions and everything is working fine:

The way I have solved the issue @danvasem :

1. build AWSSDK.Core dll from the fork by @motoko89
2. download and save locally AWSSDK.Core nuget using Nuget Package Explorer
3. remove the signature from the nuget (in Nuget Package Explorer) to allow modification
4. replace the AWSSDK.Core.dll (in my case only in lib/MonoAndroid10) with the corresponding dll from step (1) and then save the modified nuget (do not change the names/versions)
5. uninstall all AWS* nugets from the end project
6. then install the local Core nuget from step (4) into the project (from a custom nuget package source)
7. install the rest of the AWS* nugets from the original sources (in my case AWSSDK.Extensions.CognitoAuthentication)
8. Also do not forget to add reference to System.Net.Http in your android project as well as change the HttpClient to native in the project -> properties -> android options -> advanced (more on this step in my previous comment

This was the easiest way that I have found to solve the issue. My initial attempts were to build the entire sdk myself and pack with nuget, but that has proved to be quite problematic. Thus I have just settled with getting the Core dlls for the dotnet runtimes that I needed and forging modifying the existing nugets by AWS locally.

Thanks a lot to @motoko89 for finding the workaround!

NOTE: I haven't tested yet the last pacakge version of AWSSDK.Core that seems to resolve the issue: https://github.com/aws/aws-sdk-net/issues/1115

@danvasem any chance you still have that .dll for awssdk.core? I'm running into so many errors trying to build the awssdk from Motoko89 git.

@BryanGerre Sure, you can download compiled Xamarin.Android and Xamarin.iOS dlls from https://1drv.ms/u/s!AkeC5Bwhz9f7i1ZIGM3w20dflTNC

Also, I installed the last nuget package versions of AWSSDK.Core (3.3.29.8) and AWSSDK.CognitoIdentityProvider (3.3.11.18) and followed the instrucions of @vellozzi and everything is working fine. In other words, I'm not longer using @motoko89 solution, I'm usign official pacakges again.

A fix has been released in the AWSSDK.Core 3.3.29.2 and AWSSDK.CognitoIdentityProvider 3.3.11.12 nuget packages.
You need to add an IHttpClientFactory implementation like:

public class MyHttpClientFactory : IHttpClientFactory
{
    public HttpClient CreateHttpClient(IClientConfig clientConfig)
    {
        // This implementation may change for your particular use case.
        // See https://docs.microsoft.com/en-us/xamarin/cross-platform/macios/http-stack?context=xamarin/ios and
        // https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?context=xamarin%2Fcross-platform&tabs=macos#ssltls-implementation-build-option
        // for guidance on creating HttpClients for your platform. 
        return new HttpClient();
    }
}

then instantiate your client like so:

var credentials = new BasicAWSCredentials("abc", "xyz");
var clientConfig = new AmazonCognitoIdentityProviderConfig();
clientConfig.RegionEndpoint = RegionEndpoint.USEast1;
clientConfig.HttpClientFactory = new MyHttpClientFactory();

using (var client = new AmazonCognitoIdentityProviderClient(credentials, clientConfig))
{
    ///use your client here
}

Let me tell you first how I have my project and how I configured everything to work:

I have 3 projects:

• AndroidClient (Xamarin.Android)
• iOSClient (Xamarin.IOS)
• Common Library (.NET Standard 2.0); Referenced from the other 2 projects and having AWS logic and AWS SDK methods.

In all 3 projects I have installed the same nuget packages: WSSDK.Core (3.3.29.8) and AWSSDK.CognitoIdentityProvider (3.3.11.18), then in each Xamarin Project I have created a custom CreateHTTPClass:

Xamarin.Android:
public class AndroidClientFactory : IHttpClientFactory { public HttpClient CreateHttpClient(IClientConfig clientConfig) { return new HttpClient(); } }

Xamarin.iOS:
public class IOSClientFactory : IHttpClientFactory { public HttpClient CreateHttpClient(IClientConfig clientConfig) { return new HttpClient(); } }

Then in each Xamarin project I create an AmazonCognitoIdentityProviderConfig object (It is the same code in both projects):

new AmazonCognitoIdentityProviderConfig { HttpClientFactory = new IOSClientFactory() })

And finally assign the "AmazonCognitoIdentityProviderConfig" object in a public property in my Common Library (.NET Standard 2.0) project and use it in AmazonCognitoIdentityProviderClient:

var provider = new AmazonCognitoIdentityProviderClient(null, ClienteHttpConfig)

"ClienteHttpConfig" is the object created in Xamarin projects, you should also fill "RegionEndpoint" property in the "AmazonCognitoIdentityProviderConfig" object. Also, note that the first parameter I'm using is "null" but you should use the correct object depending of your AWS configuration.

Also, it's very important that in your project configurations you select:

• Android HttpClient and Native TLS 1.2 as HttpClient Implementation
  https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=windows
• NSUrlSession as HttpClient Implementation
  https://docs.microsoft.com/en-us/xamarin/cross-platform/macios/http-stack?context=xamarin/ios

Let me know if this helps you.

Hello,

I am attempting to follow the "authenticate with SRP" flow for AWS Cognito user pool authorization
for .NET in my Windows Desktop Application Project. The following code sample was provided by Amazon with Amazon CognitoAuthentication Extension Library Examples page located at:https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/cognito-authentication-extension.html

using Amazon;
using Amazon.CognitoIdentity;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;
using Amazon.Runtime;

public static async void GetCredsAsync()
{
AmazonCognitoIdentityProviderClient provider =
new AmazonCognitoIdentityProviderClient(awsAccessKeyId, awsSecretAccessKey, RegionEndpoint.USWest2);
CognitoUserPool userPool = new CognitoUserPool("poolID", "clientID", provider);
CognitoUser user = new CognitoUser("username", "clientID", userPool, provider);
InitiateSrpAuthRequest authRequest = new InitiateSrpAuthRequest()
{
Password = "userPassword"
};

        AuthFlowResponse authResponse = await user.StartWithSrpAuthAsync(authRequest).ConfigureAwait(false);
        accessToken = authResponse.AuthenticationResult.AccessToken;
   }

I have installed all the AWS .dll resources from Nuget.org in my refferences (AWSSDK.Core 3.3.29.12, AWSSDK.SecurityToken 3.3.4.34, AWSSDK.CognitoIdentityProvider 3.3.11.22, AWSSDK.CognitoIdentity 3.3.2.53 and SAWSSDK.Extension.CognitoAuthentication 0.9.4)

The code runs fine up to the call for await StartWithSrpAuthAsync() in the VS2017.Calling this function however results in no exceptions, results, or errors and never makes it to the next line.

Could you provide more advise about using Amazon.Extension.CognitoAuthentication library?

Regards
Victor