1
votes

I'm trying to expose an Azure Cloud Service using https with a custom domain, but I get an error: "The requested service, 'https://mydomain.net/myservice.svc' could not be activated. See the server's diagnostic trace logs for more information."

Regarding the custom domain: I've followed the steps at https://www.windowsazure.com/en-us/develop/net/common-tasks/custom-dns/#header-1 for the second option, "A record": in GoDaddy's Zone File Manager, I have an A record configured for the "@" host that "Points To" myservice's "Public Virtual IP Address" (as found in the Azure portal). It seems to me that the fact I'm getting "the service could not be activated" means the A record is working, but I'm not certain.

Regarding the https: I've followed the steps at http://www.31a2ba2a-b718-11dc-8314-0800200c9a66.com/2011/06/how-to-get-and-install-ssl-certificate.html. In brief: I purchased a cert from GoDaddy using a CSR from my dev machine for mydomain.net, completed the CSR on my dev machine using the friendly name mydomain.net, exported it to mydomain.net.pfx, using that file, uploaded the cert to my cloud service in Azure and configured my WebRole in VS with the cert, and published the web role project to Azure.

On the client side (WP7):

<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpsBinding_IMyInterface" 
      maxBufferSize="2147483647"
      maxReceivedMessageSize="2147483647">
      <security mode="Transport" />
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint name="BasicHttpsBinding_IMyInterface"
    address="https://mydomain.net/myservice.svc" 
    contract="MyService.IMyInterface"       
    binding="basicHttpBinding"
    bindingConfiguration="BasicHttpsBinding_IMyInterface" />
</client>

Note: I didn't use CNAME because my cert isn't for a subdomain and it isn't a wildcard.

From my searches, I get the impression this is working for other folks and I can't figure out what I'm doing differently.

1
Can you RDP into the instance, confirm the cert is installed and that the user running the service has access to the private key? - viperguynaz
I'm not certain what, exactly, is necessary to meet the noted requirements, but I did RDP and did see the cert in Local Computer\Personal and in Manage Private Keys I validated that NetworkService has permissions (I also validated in IIS Manager that the application-pool-the-service-is-using's Identity is NetworkService). Should the cert be in a different store? Local Computer\Personal is the only store I see it in (I just figured that Azure Portal Certificate Upload would put it in the correct place). - user1901446
(not sure if the above qualifies for "the service has access to the private key"... if not, could you explain how to validate that?) - user1901446
Well, I can't believe I didn't think of it before posting this, but while I was in the RDP I opened Event Viewer and found the following: - user1901446
WebHost failed to process a request. Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/12547953 Exception: System.ServiceModel.ServiceActivationException: The service '/myservice.svc' cannot be activated due to an exception during compilation. The exception message is: Service 'myservice' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the... - user1901446

1 Answer

0
votes

Yep - you need a matching endpoint specified in the server config. The following is a complete example of a web.config file for a WCF service using HTTP transport security (from http://msdn.microsoft.com/en-us/library/hh556232.aspx):

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="MySecureWCFService.Service1">
        <endpoint address=""
                  binding="basicHttpBinding"
                  bindingConfiguration="secureHttpBinding"
                  contract="MySecureWCFService.IService1"/>

        <endpoint address="mex"
                  binding="mexHttpsBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="secureHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>
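
A pre-deployment check for the failure in the Event Viewer message, as an added example that is not part of the answer or the MSDN page. It goes slightly beyond the "zero application endpoints" case and also verifies that each endpoint's binding exists, uses Transport security, and that exception details are not exposed. The function name `audit_wcf_config`, the finding strings and the sample configs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def audit_wcf_config(xml_text, service_type):
    """Return findings for one service in a web.config <system.serviceModel>."""
    sm = next(ET.fromstring(xml_text).iter("system.serviceModel"), None)
    if sm is None:
        return ["no <system.serviceModel> section"]
    # WCF matches <service name> against the fully qualified service type name.
    svc = next((s for s in sm.iterfind("services/service")
                if s.get("name") == service_type), None)
    if svc is None:
        return [f"no <service name='{service_type}'>: zero application endpoints"]
    findings = []
    app_eps = [e for e in svc.iterfind("endpoint")
               if e.get("contract") != "IMetadataExchange"]
    if not app_eps:
        findings.append("only metadata endpoints: zero application endpoints")
    for ep in app_eps:
        kind, cfg = ep.get("binding"), ep.get("bindingConfiguration")
        binding = next((b for b in sm.iterfind(f"bindings/{kind}/binding")
                        if b.get("name") == cfg), None)
        sec = binding.find("security") if binding is not None else None
        if binding is None:
            findings.append(f"bindingConfiguration '{cfg}' is not defined")
        elif sec is None or sec.get("mode") != "Transport":
            findings.append(f"binding '{cfg}' does not use Transport security")
    for dbg in sm.iter("serviceDebug"):
        if dbg.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append("includeExceptionDetailInFaults is true")
    return findings

# Constructed sample: the answer's config reduced to the parts being checked.
GOOD = """<configuration><system.serviceModel>
  <services><service name="MySecureWCFService.Service1">
    <endpoint address="" binding="basicHttpBinding"
      bindingConfiguration="secureHttpBinding" contract="MySecureWCFService.IService1"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
  </service></services>
  <bindings><basicHttpBinding><binding name="secureHttpBinding">
    <security mode="Transport"><transport clientCredentialType="None"/></security>
  </binding></basicHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior>
    <serviceDebug includeExceptionDetailInFaults="false"/>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""
# Constructed failure cases: wrong service name, and an undefined binding name.
BAD_NAME = GOOD.replace('name="MySecureWCFService.Service1"', 'name="Service1"')
BAD_BINDING = GOOD.replace('<binding name="secureHttpBinding">', '<binding name="other">')
```

Calling `audit_wcf_config(BAD_NAME, "MySecureWCFService.Service1")` reports the same condition as the activation error above, before the role is published.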