CODEWITHSUNDEEP
asp.netazurex509
tushi0407
tushi0407

Reputation: 31

using certificate in AZURE asp.net websites

I am moving one asp.net app to azure environement.In the application we are using one X509Certificate2 while calling some webservices.I used cert.import method to import the certificate and then adding certificate object to client certificate property of service.It was working fine when we hosted our app on IIS servers. This is how we are doing it :

abcservice service = new abcservice ();

string CertificatePath = ConfigurationManager.AppSettings["CertificatePath"].ToString(); string certPwd = ConfigurationManager.AppSettings["CertificatePwd"].ToString();

cert.Import(CertificatePath, certPwd , X509KeyStorageFlags.DefaultKeySet);
service.ClientCertificates.Add(cert);

But when we move to azure ,it stops working and start showing me cant find specified file at cert.import .I came to know that MyStore is not working in Azure.So i am looking for some alternatives for that.I found one solution that how i can do this without using Import.

abcservice service = new abcservice ();

string CertificatePath =ConfigurationManager.AppSettings["CertificatePath"].ToString();

string certPwd = ConfigurationManager.AppSettings["CertificatePwd"].ToString();

X509Certificate2 cert = new X509Certificate2(CertificatePath , certPwd , X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
service.ClientCertificates.Add(cert);

Now it start adding certificate in service object but when i am calling service it start give me following Error :

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectName', FindValue 'abc-123.pqr.com'.

In web.config ,we have set following properties :

<clientCertificate findValue="abc-123.pqr.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
        <!--Need to provide Server certificate Details-->
        <serviceCertificate>
          <defaultCertificate findValue="xyz Gateway" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
          <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />

I have set up abc-123.pqr.com as DNS name for my website and i am able to access website using this URL and uploaded the certificate in azure portal against this URL.

Upvotes: 0

Views: 552

Answers (1)

Tom Sun
Tom Sun

Reputation: 24549

If you want to use the cert on the Azure Website, you need to add an app setting named WEBSITE_LOAD_CERTIFICATES with its value set to the thumbprint of the certificate will make it accessible to your web application. For more information, please refer to this tutorial.

Add an app setting called WEBSITE_LOAD_CERTIFICATES and set its value to the thumbprint of the certificate. To make multiple certificates accessible, use comma-separated thumbprint values. To make all certificates accessible, set the value to *.

enter image description here

Upvotes: 1

Related Questions