Amazon S3 storage auth rejected


#1

Hi,

I have connected an S3 bucket to my Aspose storage. I have a dedicated IAM user for that bucket and using the AWS SDK I can do the upload/download operations I need.

However all requests via Aspose are rejected due to ‘authorization’ problems:

GET https://api.aspose.cloud/v1.1/storage/exist?path=myfile&storage=mystorage&appSID=mysid
Headers:
{
  Accept: application/json
  Authorization: Bearer xxxx....
}


Response:
StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.NoWriteNoSeekStreamContent
Headers:
{
  Date: Mon, 16 Apr 2018 07:58:39 GMT
  Server: Microsoft-IIS/10.0
  X-Powered-By: ASP.NET
  Connection: keep-alive
  Content-Type: application/json; charset=utf-8
  Content-Length: 126
}
{"Message":"AmazonS3 exception: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256."}

This happens in your Swagger API tester and programmatically with a HTTP client.

According to most StackOverflow answers, the idea is to add signatureVersion: ‘v4’ to the AWS requests, e.g. this answer.

Is this something you can address?

Thanks,
Rhys


#2

I created a bucket in eu-west-1 – which is old and therefore supports the V2 signature – and all is well.

Can I suggest that this limitation on S3 gets documented somewhere prominent when linking storages?
This needs to say that only pre-2014 regions are supportable without the change to V4.


#3

@rhyswatkin

Thank you for contacting Aspose Support.

We have logged this issue BILLING-3982 for our platform team for further investigation and as suggested we are going to document this limitation prominently on our Docs.


#4

@rhyswatkin

GET https://api.aspose.cloud/v1.1/storage/exist?path=myfile&storage=mystorage&appSID=mysid
Headers:
{
  Accept: application/json
  Authorization: Bearer xxxx....
}

Though this is not directly relevant to Aspose S3 Stroage authentication, we observed you are passing authentication token in request body and appSID in request URL. appSID is not needed here. The correct cURL example to check the presence of file is:

curl -v "https://api.aspose.cloud/v1.1/storage/exist?path=input.pdf" \
-X GET \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer A03jLSHkq6zu_A8kpxU6xPKOEkBFn7fX6_hhKkAO0-2AFeI0UgB_M_D4O1cLkZSbfgGpbpA7oos3P8BhpbvDqHjcIkzTnSXBPkBJpRpWGdj2DwuQ9kd_FuBMTiU5NBZ3gUOwDGuY7bUJejPw8NzOFsk6Lt9z9CCR2lOyWUpKzlPSTl3DSaIkZRKluuccL4sT-PqeDkOHgn6mewV0P0GsrBkoQo6LDk1RozojGDYvPDAqVPFHmwc20MHnMtXlE5CA-koBJa0LmXKFBRKNqv1COa9l4qrDRRtNcx1yJWPdpvY6udg3a1oD36qlzSNiMNaAFZNWESzK3lZEgr6uAFZeG6SC4SHcws6OITJKm7P_VAjGElvAEAtnaO4qng6myB2prDUNIYHcwQkN4DaUPoQguJnPXbeB2WKV-u07p3y0fxAUZ82TOcew_LO-vCb15pBSsvpIHX3n3XE-egWrngqShI3uDNE"