English | 简体ä¸ć–‡
Use .NET CLI ( Recommand )
dotnet add package Aliyun.CredentialsBefore you begin, you need to sign up for an Alibaba Cloud account and retrieve your Credentials.
Setup access_key credential through User Information Management, it have full authority over the account, please keep it safe. Sometimes for security reasons, you cannot hand over a primary account AccessKey with full access to the developer of a project. You may create a sub-account RAM Sub-account , grant its authorization,and use the AccessKey of RAM Sub-account.
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "access_key",
// AccessKeyId of your account
AccessKeyId = "<AccessKeyId>",
// AccessKeySecret of your account
AccessKeySecret = "<AccessKeySecret>"
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.AccessKeyId;
string accessSecret = credential.AccessKeySecret;
string credentialType = credential.Type;
}
}
}Create a temporary security credential by applying Temporary Security Credentials (TSC) through the Security Token Service (STS).
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "sts",
// AccessKeyId of your account
AccessKeyId = "<AccessKeyId>",
// AccessKeySecret of your account
AccessKeySecret = "<AccessKeySecret>",
// Temporary Security Token
SecurityToken = "<SecurityToken>"
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.AccessKeyId;
string accessSecret = credential.AccessKeySecret;
string credentialType = credential.Type;
string securityToken = credential.SecurityToken;
}
}
}By specifying RAM Role, the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions(How to make a policy) of STS Token, you can assign value for Policy.
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "ram_role_arn",
// AccessKeyId of your account
AccessKeyId = "<AccessKeyId>",
// AccessKeySecret of your account
AccessKeySecret = "<AccessKeySecret>",
// Format: acs:ram::USER_Id:role/ROLE_NAME
// RoleArn can be replaced by setting environment variable: ALIBABA_CLOUD_ROLE_ARN
RoleArn = "<RoleArn>",
// Role Session Name
RoleSessionName = "<RoleSessionName>",
// Optional, limit the permissions of STS Token
Policy = "<Policy>",
// Optional, limit the Valid time of STS Token
RoleSessionExpiration = 3600,
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.AccessKeyId;
string accessSecret = credential.AccessKeySecret;
string credentialType = credential.Type;
string securityToken = credential.SecurityToken;
}
}
}By specifying [OIDC Role][OIDC Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions(How to make a policy) of STS Token, you can assign value for Policy.
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "oidc_role_arn",
// Format: acs:ram::USER_Id:role/ROLE_NAME
// RoleArn can be replaced by setting environment variable: ALIBABA_CLOUD_ROLE_ARN
RoleArn = "<RoleArn>",
// Format: acs:ram::USER_Id:oidc-provider/OIDC Providers
// OIDCProviderArn can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_PROVIDER_ARN
OIDCProviderArn = "<OIDCProviderArn>",
// Format: path
// OIDCTokenFilePath can be replaced by setting environment variable: ALIBABA_CLOUD_OIDC_TOKEN_FILE
OIDCTokenFilePath = "/Users/xxx/xxx",
// Role Session Name
RoleSessionName = "<RoleSessionName>",
// Optional, limit the permissions of STS Token
Policy = "<Policy>,"
// Optional, limit the Valid time of STS Token
RoleSessionExpiration = 3600,
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.AccessKeyId;
string accessSecret = credential.AccessKeySecret;
string credentialType = credential.Type;
string securityToken = credential.SecurityToken;
}
}
}By specifying the role name, the credential will be able to automatically request maintenance of STS Token.
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "ecs_ram_role",
// Optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests
RoleName = "<RoleName>"
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.AccessKeyId;
string accessSecret = credential.AccessKeySecret;
string credentialType = credential.Type;
string securityToken = credential.SecurityToken;
}
}
}By specifying the url, the credential will be able to automatically request maintenance of STS Token.
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "credentials_uri",
// Format: http url
// `CredentialsUri` can be replaced by setting environment variable: ALIBABA_CLOUD_CREDENTIALS_URI
CredentialsUri = "http://xxx"
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.AccessKeyId;
string accessSecret = credential.AccessKeySecret;
string credentialType = credential.Type;
string securityToken = credential.SecurityToken;
}
}
}If credential is required by the Cloud Call Centre (CCC), please apply for Bearer Token maintenance by yourself.
using Aliyun.Credentials.Models;
namespace credentials_demo
{
class Program
{
static void Main(string[] args)
{
Config config = new Config()
{
// Which type of credential you want
Type = "bearer",
// BearerToken of your account
BearerToken = "<BearerToken>"
};
var client = new Aliyun.Credentials.Client(config);
var credential = client.GetCredential();
string accessKeyId = credential.BearerToken;
string credentialType = credential.Type;
}
}
}If you call new Client(config) with null, it will use provider chain to get credential for you.
The program first looks for environment credentials in the environment variable. If the ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables are defined and are not empty, the program will use them to create the default credential. If not, the program loads and looks for the client in the configuration file.
If there is ~/.alibabacloud/credentials default file (Windows shows C:\Users\USER_NAME\.alibabacloud\credentials), the program will automatically create credential with the name of 'default'. The default file may not exist, but a parse error throws an exception. The specified files can also be loaded indefinitely: AlibabaCloud::load('/data/credentials', 'vfs://AlibabaCloud/credentials', ...); This configuration file can be shared between different projects and between different tools. Because it is outside the project and will not be accidentally committed to the version control. Environment variables can be used on Windows to refer to the home directory %UserProfile%. Unix-like systems can use the environment variable $HOME or ~ (tilde). The path to the default file can be modified by defining the ALIBABA_CLOUD_CREDENTIALS_FILE environment variable.
[default] # Default credential
type = access_key # Certification type: access_key
access_key_id = foo # access key id
access_key_secret = bar # access key secretIf the environment variable ALIBABA_CLOUD_ECS_METADATA is defined and not empty, the program will take the value of the environment variable as the role name and request http://100.100.100.200/latest/meta-data/ram/security-credentials/ to get the temporary Security credential.
Opening an Issue, Issues not conforming to the guidelines may be closed immediately.
Detailed changes for each release are documented in the release notes.
Copyright (c) 2009-present, Alibaba Cloud All rights reserved.