1

I'm looking for a simple solution to Authenticate and use the WebSiteManagementClient. The examples I've seen utilize an Azure AD Application to create the SubscriptionCloudCredentials required. I would prefer to create the SubscriptionCloudCredentials without the use of an AD Application.

If at all possible, I would prefer to just use the Web Deploy un/pw credentials found in the Publish Profile Settings XML (as I already have code that uses these to interact with the kudu api with basic auth)

I found this potential solution that instead uses a management certificate (more info). But again, if at all possible, I would prefer to just use the Web Deploy un/pw.

(I understand the management cert is at a subscription level, and the Web Deploy un/pw are at a App Service/WebSite instance level. I'm just stating what my desired solution would look like.)

juvchan
  • 6,113
  • 2
  • 22
  • 35
Aaron Hoffman
  • 6,604
  • 8
  • 56
  • 61

2 Answers2

1

Management certificates allow you to authenticate only with the classic deployment (Azure Service Management) model and not the Azure Resource Management deployment model.

If your web app is not created using the classic deployment model, you'll need a TokenCloudCredential instead of the CertificateCloudCredential.

Technically, you can still create Certificate-based SubscriptionCloudCredentials but it will only work with Azure web app created with the classic deployment model.

juvchan
  • 6,113
  • 2
  • 22
  • 35
0

I would prefer to just use the Web Deploy un/pw.

If you want to upload certificate to Azure WebApp during Web Deploy then we can use ARM template , more details please refer to the document.

{
    "name": "[parameters('certificateName')]",
    "apiVersion": "2014-04-01",
    "type": "Microsoft.Web/certificates",
    "location": "[resourceGroup().location]",
    "properties": {
        "pfxBlob": "pfx base64 blob",
        "password": "some pass"
    }
}

About how to create subscriptionCloudCredentials with certificate and how to create customized cert, I did a demo for it. More details please refer to another SO thread.

If we try to run the project on the Azure. Please refer to document Using Certificates in Azure Websites Applications. Adding an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application

So we also need to add the AppSetting in the ARM template, more detail info please refer to the document.

  

{
   "name": "appsettings",
    "type": "config",
    "apiVersion": "2015-08-01",
    "dependsOn": [
        "[concat('Microsoft.Web/sites/', variables('webSiteName'))]"
    ],
    "tags": {
        "displayName": "WebAppSettings"
    },
    "properties": {
        " WEBSITE_LOAD_CERTIFICATES ": "thumbprint "
    }
Community
  • 1
  • 1
Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47