I'm building an Azure Website-based solution that needs to periodically contact a Service Bus relay endpoint in the background. My planned design approach was to use an Azure WebJob as the execution engine for this background task -- I would store my Service Bus connection string with shared secret credentials in App.config, encrypt it using the Pkcs12ProtectedConfigurationProvider with my site's custom SSL certificate, and everything would work perfectly!
The only problem is, it appears that WebJobs are not able to access the certificates for their containing Websites. The code for my WebJob can be very simple (but note that the appSettings section of App.config is encrypted):
    public static void Main()
    {
        // Reading AppSettings makes the configured protected-configuration provider decrypt the section.
        string connectionString = ConfigurationManager.AppSettings["Microsoft.ServiceBus.ConnectionString"];
        Console.WriteLine(connectionString);
    }
If I import the site's certificate on my local machine and run the WebJob executable there, everything works as expected. But when I upload the ZIP file with my binaries and .exe.config file into Azure, the job always fails with the below error.
    [07/18/2014 22:53:24 > 621d84: ERR ] Unhandled Exception:
    System.Configuration.ConfigurationErrorsException: Failed to decrypt using provider 'Pkcs12Provider'.
    Error message from the provider: No certificate was found for thumbprint <My Certificate's Thumbprint>
    (C:\DWASFiles\Sites\<My Site Name>\Temp\jobs\triggered\<My Job Name>\hzcfdtn5.f22\WebJob.exe.Config line
    XX) ---> System.ApplicationException: No certificate was found for thumbprint <My Certificate's Thumbprint>
Am I correct in surmising that a WebJob can't access the corresponding Website's certificate store? This would make it pretty much impossible to use the Pkcs12 provider to encrypt my WebJob's secrets -- is there a better option available? Or is a WebJob simply the wrong tool for this job?
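One way to test the hypothesis in the question, as an added example that is not part of the original post: a small console program, runnable as its own WebJob, that reports which certificate stores the job's process can open and whether the thumbprint is present in them. It assumes the certificate would sit in the My (Personal) store of CurrentUser or LocalMachine; the class name CertProbe and the command-line argument are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertProbe
{
    // Keep hex digits only: drops spaces and the invisible characters that
    // certificate dialogs can add when a thumbprint is copied and pasted.
    public static string Normalize(string thumbprint)
    {
        return new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: CertProbe <thumbprint from the encrypted config section>");
            return 2;
        }
        string wanted = Normalize(args[0]);
        int found = 0;
        Console.WriteLine("Process account: {0}", Environment.UserName);

        // Assumption: only the Personal ("My") store of each location is checked.
        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly = false: report the certificate even if its chain does not validate here.
                var hits = store.Certificates.Find(X509FindType.FindByThumbprint, wanted, false);
                Console.WriteLine("{0}\\My: {1} certificate(s) visible, {2} match",
                    location, store.Certificates.Count, hits.Count);
                foreach (X509Certificate2 cert in hits)
                {
                    // Decryption needs the private key, not just the public certificate.
                    Console.WriteLine("  {0} HasPrivateKey={1} NotAfter={2:u}",
                        cert.Subject, cert.HasPrivateKey, cert.NotAfter);
                    found++;
                }
            }
            catch (CryptographicException ex) // store absent or not readable by this process
            {
                Console.WriteLine("{0}\\My: cannot open ({1})", location, ex.Message);
            }
            finally { store.Close(); }
        }
        return found > 0 ? 0 : 1; // non-zero exit marks the WebJob run as failed
    }
}
```

Running the same executable locally and in the WebJob and comparing the two outputs shows whether the stores are empty in Azure or the certificate is present without its private key.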