Using management certificate with azure REST API

2
votes

I'm using azure service management REST API in my application. I uploaded the management certificate on azure and have a copy in local. I keep the certification in a separate folder (AzureCertificate) in the application itself and referring to that location. e.g:

string certificatePath = Server.MapPath("~/AzureCertificate/") + certificateName;

X509Certificate2 certificate = new X509Certificate2(certificatePath);

AzureCertificate -- Folder name certificateName - MyCertificatieName.cer

it works fine when I run the application my local development environment. But I'm getting the below error when I deploy the same in azure website.

The remote server returned an error: (403) Forbidden

This is how I make the request

string uri = apiURL + subscriptionId + "/services/hostedservices";

HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(uri);

X509Certificate2 certificate = new X509Certificate2(certificatePath);

req.ClientCertificates.Add(certificate);

req.Headers.Add("x-ms-version", "2009-10-01"); HttpWebResponse res =

(HttpWebResponse)req.GetResponse();

But it throws the above said exception at the last line (req.GetResponse()).

Can we use the management certificate in this way?.

My requirement is to develop an application which uses the azure REST API and deploy in azure.

2
azureazure-management-api
which apiurl are you trying to access?Peter Ritchie

2 Answers

1
votes

I have also found that creating the certificate exactly the right way for use with the Management API is very important - I was getting 403 errors until I used this script for creating the certificate:

makecert -r -pe -a sha1 -n "CN=Windows Azure Authentication Certificate" -ss my -len 2048 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 ManagementApiCert.cer

I got that here: http://blogs.msdn.com/b/davidhardin/archive/2013/08/27/azure-management-certificate-public-key-private-key.aspx which is a couple of years old but worked for me when other newer ones I tried did not.

Also, make sure you upload the certificate under Management Certificates in Settings in the portal, it is not an SSL or remote access certificate.

0
votes

I'd suggest using the Azure Management SDK. You can install that from nuget package named Microsoft.WindowsAzure.Management and use the appropriate class/method to do what you want to do.

If you did need to do something directly via HTTP and the REST API, I'd suggest using HttpClient instead of HttpWebRequest. (HttpClient is another nuget package named Microsoft.Net.Http. You can then use SubscriptionCloudCredntials (via the ManagementClient.Credentials property) to populate the HTTP request for you. For example:

var client = new ManagementClient(
    new CertificateCloudCredentials(subscriptionId, certificate));
//...
var requestMessage = new HttpRequestMessage(HttpMethod.Get, apiURL);
await client.Credentials.ProcessHttpRequestAsync(requestMessage,
    CancellationToken.None);
var httpClient = new HttpClient();
HttpResponseMessage response = await httpClient.SendAsync(requestMessage);
// TODO: process response, maybe:
var responseText = response.AsString();

I'd recommend using client when you can.