This topic provides the download URLs of the .NET SDK packages that are required for you to use STS. This topic also describes how to use the STS SDK for .NET.

Download URLs

You can download the SDK packages from the following links:

Note The STS SDK package has been uploaded to NuGet. For more information, visit the NuGet website.

Use the STS SDK for .NET

using System;
using Aliyun.Acs.Core;
using Aliyun.Acs.Core.Profile;
using Aliyun.Acs.Core.Http;
using Aliyun.Acs.Sts.Model.V20150401;
namespace StsNetSdkDemo
    class Program
        static void Main(string[] args)
            const string REGIONID = "cn-shanghai";
            const string ENDPOINT = "";
            //Construct an Alibaba Cloud client. The client will be used to send a request.
            // When you construct the client, set the AccessKey ID and AccessKey secret.
            DefaultProfile.AddEndpoint(REGIONID, REGIONID, "Sts", ENDPOINT);
            IClientProfile profile = DefaultProfile.GetProfile(REGIONID, "<access-key-id>", "<access-key-secret>");
            DefaultAcsClient client = new DefaultAcsClient(profile);
            // Construct an AssumeRole request.
            AssumeRoleRequest request = new AssumeRoleRequest();
            request.AcceptFormat = FormatType.JSON;
            // Specify the Alibaba Cloud Resource Name (ARN) of the RAM role.
            request.RoleArn = "<role-arn>";
            request.RoleSessionName = "<role-session-name>";
            // Specify the validity period of the returned STS token. This parameter is optional. The default value is 3600 seconds.
            //request.DurationSeconds = 3600;
            // Specify a policy to grant the returned STS token fewer permissions than those granted to the RAM role.
                AssumeRoleResponse response = client.GetAcsResponse(request);
                Console.WriteLine("AccessKeyId: " + response.Credentials.AccessKeyId);
                Console.WriteLine("AccessKeySecret: " + response.Credentials.AccessKeySecret);
                Console.WriteLine("SecurityToken: " + response.Credentials.SecurityToken);
                // The time when the STS token expires. The time that the STS server returns is in UTC+0 and is converted into UTC+8.
                Console.WriteLine("Expiration: " + DateTime.Parse(response.Credentials.Expiration).ToLocalTime());
            catch (Exception ex)
  • For the list of STS endpoints in different regions, see Endpoints.
  • For more information about the AssumeRole API operation, see AssumeRole.