0
votes

I want to use the Windows Azure Management API to scale my webservice programmatically. First I try to get my Management Certificate.

I created a new self-signed cert using makecert.exe. It's described here.

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

Then I uploaded my cert to my Azure subscription (this way). I really see my uploaded certificate in the new and in the previous admin portal.

Now I add the following code to my webservice:

    private X509Certificate2 GetX509Certificate2()
    {
        // The thumbprint value of the management certificate.
        // You must replace the string with the thumbprint of a 
        // management certificate associated with your subscription.
        string certThumbprint = "mythumprint...";

        // Create a reference to the My certificate store.
        X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

        // Try to open the store.
        try
        {
            certStore.Open(OpenFlags.ReadOnly);
        }
        catch (Exception e)
        {
            if (e is CryptographicException)
            {
                Console.WriteLine("Error: The store is unreadable.");
                debugTable.persist("Error: The store is unreadable.");
            }
            else if (e is SecurityException)
            {
                Console.WriteLine("Error: You don't have the required permission.");
                debugTable.persist("Error: You don't have the required permission.");
            }
            else if (e is ArgumentException)
            {
                Console.WriteLine("Error: Invalid values in the store.");
                debugTable.persist("Error: Invalid values in the store.");
            }
            else
            {
                debugTable.persist("Something got wrong with certificate");
            }

            // Stop on every failure: the store cannot be searched if it failed to open.
            return null;
        }

        // Find the certificate that matches the thumbprint.
        // validOnly is false because a self-signed certificate does not pass chain validation.
        X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certThumbprint, false);
        certStore.Close();

        // Check to see if our certificate was added to the collection. If no, log an error and return null; if yes, return the matching certificate.
        if (0 == certCollection.Count)
        {
            Console.WriteLine("Error: No certificate found containing thumbprint " + certThumbprint);
            debugTable.persist("Error: No certificate found containing thumbprint " + certThumbprint);
            return null;
        }

        debugTable.persist("found cert");
        // Create an X509Certificate2 object using our matching certificate.
        X509Certificate2 certificate = certCollection[0];
        return certificate;
    }

The debugTable.persist() method writes the debug message into a table storage. At the end I only find these entries in my table:

"Error: No certificate found containing thumbprint " + certThumbprint

So what's wrong with my code?

1 Answers

4
votes

So you uploaded your certificate in the portal. This means the certificate can be used to authenticate to the Service Management API.

Now if you want to use this certificate from within a WCF Service / Web Service which is hosted in a Web/Worker Role you'll also need to upload that certificate in the Cloud Service.

Then you'll need to open the settings of your Web/Worker Role and add a new certificate here by specifying the Location, the Store Name and the Thumbprint.

If you redeploy the application the certificate will be available and your WCF Service will be able to use it (if the service has sufficient permissions to access it).
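
A diagnostic helper for the situation in this question, as an added example that is not code from the question or the answer: it looks for the thumbprint in the My store of both store locations and reports whether the private key is present, which client-certificate authentication needs. The class name `ManagementCertLocator`, its methods and the `log` callback are hypothetical names chosen for this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

public static class ManagementCertLocator   // hypothetical helper, not part of any Azure SDK
{
    // Thumbprints pasted from a certificate dialog may carry spaces or
    // invisible characters; keep only the hex digits.
    public static string NormalizeThumbprint(string raw)
    {
        return Regex.Replace(raw ?? string.Empty, "[^0-9A-Fa-f]", "").ToUpperInvariant();
    }

    // Searches CurrentUser\My and LocalMachine\My, logs where the certificate
    // was found, and returns the first match that has a private key (or null).
    public static X509Certificate2 Find(string rawThumbprint, Action<string> log)
    {
        string thumbprint = NormalizeThumbprint(rawThumbprint);
        X509Certificate2 usable = null;

        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            X509Store store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly);
                // validOnly stays false, as in the question: a self-signed
                // certificate normally fails chain validation.
                X509Certificate2Collection hits =
                    store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                foreach (X509Certificate2 cert in hits)
                {
                    log(location + "\\My: found, HasPrivateKey=" + cert.HasPrivateKey);
                    if (cert.HasPrivateKey && usable == null) usable = cert;
                }
                if (hits.Count == 0) log(location + "\\My: not found");
            }
            catch (Exception e)
            {
                // Report the failure type instead of silently treating it as "not found".
                log(location + "\\My: cannot read store (" + e.GetType().Name + ")");
            }
            finally
            {
                store.Close();
            }
        }
        return usable;
    }
}
```

If the log shows the certificate only under a location other than the one the service opens, the store location in the code and the Location chosen in the role's certificate settings do not match.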