0

I followed the tutorial here for settings up the Azure Scheduler: http://fabriccontroller.net/blog/posts/a-complete-overview-to-get-started-with-the-windows-azure-scheduler/

I want to run my application on an Azure Website but it is blocking me from creating my X509Certificate.

I found this article: http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/ Which points out the issue:

Well it turns out that when you load certificates the system will use a local directory to store the key (??) The default location for the key is the under the local user profile, and with Windows Azure Websites, there is no local user profile directory."

So following his advice and adding the following flag: "X509KeyStorageFlags.MachineKeySet" I can get away with:

CryptographicException: The system cannot find the file specified

but I now get:

CryptographicException: Access denied.

Is there really no way to use the SDK from an AzureWebsite?! It defeats a lot of appeal of the Azure Scheduler if I am forced into using a WebRole instead of an Azure Website.

In this thread: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/cfe06e73-53e1-4030-b82d-53200be37647/load-privately-created-p12-cert-from-azureblob-and-have-it-be-trusted It appears as if they are sucessfully creating a X509Certificate on an Azure Website so what is different that mine throws "Access Denied" when I try to?

levitatejay
  • 1,278
  • 1
  • 9
  • 14
  • First I think it should be fine by using Sandrino's code in his blog. He loaded certificate content from publish profile file which means from a base64 string. Just make sure you uploaded your profile file alone with your deployment. Ref your second error, I think this is because the website process doesn't have enough permission to read the certificate in machine set. Maybe you can upgrade your website to standard mode and have another try. – Shaun Xu Feb 26 '14 at 03:28
  • I have changed my site to 'Standard' shortly after you posted this comment but I am still receiving the same error today ("Access denied") when trying to use it. – levitatejay Feb 26 '14 at 20:04
  • Sorry to hear about that and I don't have any idea then. Hope someone could answer. – Shaun Xu Feb 27 '14 at 02:27

1 Answers1

2

The problem was with using the ManagementCertificate string in the PublishSettings file... I created a self signed certificate on my local machine using the VisualStudio Console and exported both a '.cer' and '.pfx'.

Uploaded the self signed .cer into my Azure/Settings/Management Certificates Bundled the .pfx with my solution and published to Azure Web Sites

Then used the following code to create the certificate:

var certificate = new X509Certificate2(
            HttpContext.Current.Server.MapPath("~/<filename>.pfx"), "<password>", X509KeyStorageFlags.MachineKeySet);
levitatejay
  • 1,278
  • 1
  • 9
  • 14