Cannot use .NET Core AWSSDK with WASM

[genifycom]

AWS SDK uses HmacSHA256 or HmacSHA1 for signing requests depending on the configuration which are not available in WASM

Microsoft plans to introduce HMACSHA* algorithms in .NET 7.

Describe the Feature

Use an alternative signing method for WASM

Is your Feature Request related to a problem?

It would be extremely useful to have AWSSDK .NET Core functions available from Blazor WebAssembly

Proposed Solution

Offer an alternative signing algorithm

Describe alternatives you've considered

Additional Context

Environment

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[tmay57]

This issue is broader than just signing requests. Here are a list of the System.Security.Cryptography lib api used in aws-sdk-net that are not currently supported in WASM:
ICryptoTransform
SymmetricAlgorithm
PaddingMode.PKCS7
CipherMode.CBC
Aes
CryptoStream
CryptoStreamMode.Read
KeyedHashAlgorithm
HMACSHA256()
HMACSHA1()
HashAlgorithm
HashAlgorithmName
RSAParameters
RSACryptoServiceProvider
RSAEncryptionPadding.Pkcs1
CipherMode.ECB
AsymmetricProvider
SymmetricProvider
System.Security.Cryptography.X509Certificates
X509Certificate2

To generate this list yourself and explore specific details, follow these steps:

git clone https://github.com/aws/aws-sdk-net.git

Open the aws-sdk-net/sdk/AWSSDK.NetStandard.sln in Visual Studio.
Use “find in files” on the search string “System.Security.Cryptography”. About 20 files are found with references.

Examine each file for references to the Cryptography library. For each file, comment out the using reference and then look at each reference that code analysis indicates has an error. Compare that reference to the list of api currently supported in the WASM version of the Cryptography library. https://docs.microsoft.com/en-us/dotnet/core/compatibility/cryptography/5.0/cryptography-apis-not-supported-on-blazor-webassembly

Any reference not currently supported by the WASM version of the Cryptography library will throw an exception when used in a Blazor client.

Perhaps you guys could have a heart-to-heart with the .NET team about this.

[adamhathcock]

I'm interested in this too. Looks like the runtime issue is here: dotnet/runtime#40074 looks like it got bumped to .NET 7

Perhaps bouncycastle could be used? The portable version might work: https://github.com/novotnyllc/bc-csharp

I realize changing to anything else is non-trivial.

[github-actions]

We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.

[ashovlin]

Reopening while troubleshooting a scenario from an internal user now that .NET 7 has launched.

Targeting .NET 7 (and configuring CORS for my bucket) I am now able to run the following in a Blazor WebAssembly app.

@page "/s3"

@using Amazon;
@using Amazon.S3;
@using Amazon.S3.Model;

<PageTitle>Load From S3</PageTitle>

<p>Message from S3: @s3Message</p>

<button class="btn btn-primary" @onclick="LoadFromS3">Click me</button>

@code {
    private string s3Message = "";

    private async Task LoadFromS3()
    {
        var credentials = <redacted>;

        var config = new AmazonS3Config
        {
            UseAlternateUserAgentHeader = true,
            RegionEndpoint = Amazon.RegionEndpoint.USEast1
        };

        var client = new AmazonS3Client(credentials, config);

        var request = new GetObjectRequest
        {
            BucketName = "<bucket>",
            Key = "<key>"
        };

        var response = await client.GetObjectAsync(request);
        s3Message = new StreamReader(response.ResponseStream).ReadToEnd();
    }
}

Needing UseAlternateUserAgentHeader is somewhat subtle, we may want to consider improving our documentation and/or more fully testing the SDK in Blazor WebAssembly and .NET 7.