0
votes

Background:

I have a Windows Service which polls Azure subscription logs (API: http://msdn.microsoft.com/en-us/library/windowsazure/gg715318.aspx)

On my local development machine the service is set to log on as my account. The X509 certificate was imported under CurrentUser\Personal and in the source code where I check the cert store I have:

X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

Issue:

The service works fine on my dev machine; it can retrieve data from the API. On the testing machine I get this error:

The remote server returned an error: (403) Forbidden.

The service is set to log on as a specific user, dmz\aaseclg1 and the current user\personal cert store has the required certificate.

Any ideas?

Thanks in advance.

Edit: image of password prompt:


1
Was the certificate created on your Dev box? How did you export it from your dev box and install it on your test box? – Gaurav Mantri
What happens if you load the cert from a file instead of from the cert store? – kwill
@Gaurav Mantri the cert was created on my dev machine, copied to the server and imported via the certification snap-in. – andrewb

1 Answer

1
votes

I have seen this error when I export the certificate from the machine on which it is created and while exporting, I choose to import it in .cer format (i.e. without exporting private keys). Can you try by exporting the certificate from your dev box in pfx format and then copy the file on your test box and import it again in your test box by selecting the file and installing the certificate?

UPDATE

I was able to reproduce this. When you import the certificate, please make sure that you have unchecked the checkbox which reads "Enable strong private key protection" as shown in the screenshot below.


When I check this checkbox, every time I use this certificate it prompts me to enter a password. Now I was using a GUI application so I could see that box. In your case since you are consuming the certificate through a Windows Service (a non UI thingie), this box never shows and you think the service is hanging.
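A startup check for the two conditions described in the answer above (certificate imported without its private key, or imported with strong private key protection), added here as an example and not code from the question or the answer. The thumbprint is a placeholder, the class and method names are hypothetical, and using `CspKeyContainerInfo.Protected` to detect the strong-protection setting is an assumption that applies only to CSP-backed RSA keys.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class CertCheck // hypothetical helper, not part of the original service
{
    // Placeholder: replace with the thumbprint of the management certificate.
    const string Thumbprint = "<THUMBPRINT-PLACEHOLDER>";

    // Returns null when the certificate looks usable by a non-interactive
    // process, otherwise a description of the problem found.
    public static string Diagnose()
    {
        // CurrentUser resolves to the profile of the account the service runs as.
        string account = WindowsIdentity.GetCurrent().Name;
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false so a self-signed certificate is still returned.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count == 0)
                return "Not found in CurrentUser\\My of " + account;

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                return "No private key (.cer import?); re-import from a .pfx";

            // Assumption: Protected reflects "Enable strong private key protection".
            var rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa != null && rsa.CspKeyContainerInfo.Protected)
                return "Private key is protected; a service cannot answer the prompt";
            return null;
        }
        catch (CryptographicException ex)
        {
            // Thrown when the key container cannot be opened by this account.
            return "Private key not accessible to " + account + ": " + ex.Message;
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        Console.WriteLine(Diagnose() ?? "Certificate looks usable");
    }
}
```

In a service, write the result of `Diagnose()` to the event log at startup instead of the console, so a missing or prompt-protected key is reported before the first API call returns 403.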