
I'm trying to use AWS Secrets Manager from an ASP.NET Core app. I use AWSSecretsManagerConfigurationExtensions (but this actually doesn't matter).

The code is below. The problem is, my profile has MFA set up (i.e. there's an mfa_serial in my .aws/credentials file). So when the code below runs, I get the exception:

Amazon.Runtime.AmazonClientException: Error calling AssumeRole for role arn:aws:iam::***:role/Admin
 ---> System.InvalidOperationException: The MfaSerialNumber has been set but the MfaTokenCodeCallback hasn't.  MfaTokenCodeCallback is required in order to determine the MfaTokenCode when MfaSerialNumber is set.

I guess it's expected that it's asking for the MFA token, but where should I enter it?

I run it in both Rider and VisualStudio (with AWS Toolkit extension installed in both of them), but it didn't help.

Am I doing something wrong?

// Resolve the named profile from the shared credentials/config files
var chain = new Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain();
if (chain.TryGetProfile("PROFILE_NAME", out var profile))
{
    // For a profile with role_arn this returns AssumeRoleAWSCredentials
    var credentials = profile.GetAWSCredentials(profile.CredentialProfileStore);

    builder.Configuration.AddSecretsManager(credentials, profile.Region);
}

1 Answer


It seems that one has to manually assign the MfaTokenCodeCallback and request the MFA code there.

So, continuing from the code above:

using Amazon.Runtime; // AssumeRoleAWSCredentials lives here

var credentials = profile.GetAWSCredentials(profile.CredentialProfileStore);
if (credentials is AssumeRoleAWSCredentials assumeRoleAwsCredentials)
{
    // Invoked by the SDK whenever it needs a new STS session for the role
    assumeRoleAwsCredentials.Options.MfaTokenCodeCallback = () =>
    {
        Console.WriteLine(
            $"Please enter MFA code for {assumeRoleAwsCredentials.Options.MfaSerialNumber}:");
        var result = Console.ReadLine();
        return result;
    };
}

After that, calling credentials.GetCredentials() shows the MFA prompt in the console and succeeds if the entered code is correct.

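A fuller version of the same callback approach, written as an added example rather than code from the question or answer above: it only attaches the callback when the profile actually carries an mfa_serial, rejects anything that is not a six-digit code before it reaches STS, limits console retries, and accepts the code from an environment variable (AWS_MFA_TOKEN, a name assumed here) so non-interactive runs can still supply it.

```csharp
using System;
using System.Text.RegularExpressions;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;

public static class MfaCredentialFactory
{
    // Virtual MFA devices produce six-digit TOTP codes; reject anything else locally.
    private static readonly Regex TotpPattern = new Regex("^[0-9]{6}$");

    // Resolves the named profile; for an assume-role profile with mfa_serial it
    // attaches a callback that obtains the code from AWS_MFA_TOKEN (assumed variable
    // name, for non-interactive runs) or from the console. Returns null if the
    // profile does not exist.
    public static AWSCredentials Create(string profileName)
    {
        var chain = new CredentialProfileStoreChain();
        if (!chain.TryGetProfile(profileName, out var profile))
            return null;

        var credentials = profile.GetAWSCredentials(profile.CredentialProfileStore);
        if (credentials is AssumeRoleAWSCredentials assumeRole
            && !string.IsNullOrEmpty(assumeRole.Options.MfaSerialNumber))
        {
            assumeRole.Options.MfaTokenCodeCallback =
                () => ReadTokenCode(assumeRole.Options.MfaSerialNumber);
        }
        return credentials;
    }

    private static string ReadTokenCode(string mfaSerial)
    {
        var fromEnv = Environment.GetEnvironmentVariable("AWS_MFA_TOKEN");
        if (IsValidTokenCode(fromEnv))
            return fromEnv;

        for (var attempt = 0; attempt < 3; attempt++)
        {
            Console.Write($"Enter MFA code for {mfaSerial}: ");
            var entered = Console.ReadLine();
            if (IsValidTokenCode(entered))
                return entered;
            Console.WriteLine("MFA code must be exactly six digits.");
        }
        throw new InvalidOperationException("No valid MFA code was provided.");
    }

    // Public so the format rule can be unit-tested without calling STS.
    public static bool IsValidTokenCode(string code) =>
        code != null && TotpPattern.IsMatch(code);
}
```

The SDK invokes the callback again when the assumed-role session expires, so a long-running process will be prompted again at refresh time unless the environment variable path is used.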