Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
EPL Standings
Windows Azure

Securing Your SharePoint and Windows Azure Solutions : Configuring Shared Access Permissions for BLOB Storage - Using Certificate-Based Authentication

11/28/2012 4:28:47 PM
As a part of securing your applications within Windows Azure, you might want to use a trusted certificate. A trusted certificate (also called a Secure Sockets Layer Certificate or SSL) helps to encrypt sensitive data as it moves throughout your application. When you use a trusted certificate and you’re moving sensitive data around or across site boundaries, this data cannot be intercepted by outside parties. You can buy trusted certificates from ISPs such as GoDaddy, or you can create your own by using Certification Manager. In this section, you’ll create a self-signed certificate that you’ll then upload into Windows Azure and use within a simple console application to illustrate the handshake across client and server.

Using Certification Manager (CertMgr.exe), you can create a self-signed trusted certificate and publish that certificate to the Trusted Publishers store on a client computer. The trusted certificate can then be uploaded to Windows Azure and used in your application development and design as a part of the authentication process. Client authentication requires the X.509 certificate, which is an industry-defined certificate and standard.

Create and Upload an X.509 Client Certificate to Windows Azure

  1. Open Internet Information Services (IIS) 7, click the top-level folder (your computer name), and click Server Certificates in the Content View.

  2. In the right pane, click Create Self-Signed Certificate.

  3. In the Create Self-Signed Certificate wizard, type a name for the certificate (such as MyNewCert) and click OK.

  4. Exit IIS and type mmc in the Start menu Search Programs And Files field—this is the shortcut to open the Microsoft Management Console application.

  5. Click File | Add/Remove Snap-In.

  6. In the Add Or Remove Snap-Ins dialog box, click Certificates and then click Add.

  7. Select Computer Account in the Certificates Snap-In wizard, then click Next, then Finish, and then OK.

  8. Find the certificate you just added by navigating to Certificates\Personal\Certificates in the root console view. Your newly created certificate should be listed in the Management Console—as shown here.

    image with no caption
  9. Right-click the certificate, select All Actions, and then select Export.

  10. 10. In the Certificate Export wizard, select Next, and then select No. Do not export the private key, accept the default DER encoded binary X.509 option, and click Next. Browse to a location to save the certification file, and provide a file name (such as MyNewCert.cer). Click Save and then Finish.

    Now that you’ve completed the export of the certificate, you can upload the certificate to Windows Azure. This is a straightforward process that you do through the Windows Azure developer portal.

  11. Navigate to your Windows Azure developer portal (https://windows.azure.com/Default.aspx).

  12. Select Hosted Services, Storage Accounts & CDN in the main portal view.

  13. Click Management Certificates, as shown here.

    image with no caption
  14. Click Add Certificate in the portal ribbon and browse for the certification that you just created, as shown.

    image with no caption
  15. Click Done. Your certificate should now display in the portal, along with additional metadata about the certificate. For example, in the following graphic, you’ll note that the main view shows who the certificate was issued by, the name of the certificate, and additional information such as the thumbprint and subscription ID, which can be used when your program is interacting with Windows Azure.

    image with no caption

    Your certificate is now uploaded to Windows Azure, and you can now use it in your applications. To illustrate, you’ll continue with the exercise to create a simple console application that uses the local certificate you created to establish trust with Windows Azure.

  16. Open Visual Studio 2010 and click File | New Project | Windows And Console Application. Provide a name for the project (such as GetACSCertInformation) and click OK.

  17. Right-click the project and select Properties. On the Resources tab, add a new resource. Provide a name for the resource (such as CertLocation) and then add the directory location and file name of the trusted certificate (for example, c:\Certificates\MyNewCert.cer).

  18. Double-click Program.cs and amend the code as shown here:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Xml.Linq;
    using System.Net;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    namespace GetACSCertInformation
        class Program
            static void Main(string[] args)
                var azureRequest = (HttpWebRequest)WebRequest.Create("https://management.
    core.windows.net/<your subscription ID>/services/hostedservices");
                azureRequest.Method = "GET";
                azureRequest.ContentType = "xml";
                azureRequest.Headers.Add("x-ms-version", "2009-10-01");
                var azureResponse = azureRequest.GetResponse().GetResponseStream();
                var xmlResultsFromAzure = new StreamReader(azureResponse).ReadToEnd();

    The code in this application is straightforward: it creates a new WebRequest to interact with Windows Azure (using the REST API). The WebRequest object then loads the trusted certificate from the local system by using the ClientCertificates.Add method. When the call is made to Windows Azure, the certificate is then used to authenticate the incoming request: the certificates are compared, and the request is authenticated. When the request has been authenticated, the server response is an enumeration of the hosted services available in Windows Azure (as requested by the REST URI request). The result for your application should look something similar to that shown here.

    image with no caption
Other -----------------
- Securing Your SharePoint and Windows Azure Solutions : Configuring Shared Access Permissions for BLOB Storage - Using the Service Bus and Access Control Service
- Securing Your SharePoint and Windows Azure Solutions : Create a Windows Forms Application to Display the Shared Access Permissions Signature
- Securing Your SharePoint and Windows Azure Solutions : Configuring BCS Security - Create an Application ID, Assess Permissions on the ECT
- Deploying to Windows Azure : Changing live configuration, Upgrading the deployment, Running the deployment
- Deploying to Windows Azure : Preparation application for deployment, Ready for deployment
- Setting up hosted service in Windows Azure
- Azure Monitoring and Diagnostics : Logging config data in our application, Transferring and persisting diagnostic data
- Azure Monitoring and Diagnostics : Azure Diagnostics­ under the hood, Enabling diagnostic logging
- Web Services and Azure : Our WCF web services
- Web Services and Azure : Creating a new WCF service web role
- Azure Blob Storage : Windows Azure Content Delivery Network, Blob Storage Data Model
- Azure Blob Storage : Blobs in the Azure ecosystem, Creating Blob Storage
- The Nickel Tour of Azure : How are Azure costs calculated?
- The Nickel Tour of Azure : Explaining Azure to the managers
- Application Life Cycle Management
- Sharing Digital Photographs : Exploring Photo-Sharing Communities
- Sharing Digital Photographs : Exploring Online Photo-Editing Applications
- Surfacing SQL Azure Data in Bing Maps by Using the Client Object Model
- Storing and Sharing Files and Other Online Content : Exploring Online Bookmarking Services
- Storing and Sharing Files and Other Online Content : Understanding Cloud Storage & Evaluating Online File-Storage and -Sharing Services
Most view of day
- Accessing and Using Your Network : Working with Offline Files and the Sync Center (part 2) - Synchronizing Offline Files, Handling Synchronization Conflicts
- Microsoft PowerPoint 2010 : Animating Slide Content (part 1) - Choosing an Animation Effect
- Developing with SharePoint 2010 (part 4) - Developer Toolbar
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - Creating and Linking WMI Filters to GPOs
- Microsoft Dynamics AX 2009 : Form Customization (part 2) - Displaying an Image
- Sharepoint 2013 : Health Monitoring and Disaster Recovery - Maintaining Content Integrity (part 2) - Versioning
- Microsoft Word 2010 : Creating Desktop Publishing Documents - Adding Desktop Publishing Effects
- Adobe Dreamweaver CS5 : Using Library Items and Server-side Includes (part 6) - Applying Server-Side Includes
- System Center Configuration Manager 2007 : Operating System Install Packages and Image Packages (part 2) - Manual Image Creation, Image Deployment
- Microsoft Visio 2010 : Importing Graphics (part 2) - Using Images as Shapes in Visio - Handling Bitmaps and Jaggies
Top 10
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 3) - Creating IPv4 DHCP Scopes
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 2) - Installing DHCP Server and Server Tools
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 1)
- Windows Server 2012 : DHCP,IPv6 and IPAM - Understanding the Components of an Enterprise Network
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 3) - Translating Text with the Mini Translator
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 2) - Translating a Word or Phrase with the Research Pane
- Microsoft OneNote 2010 : Using the Research and Translate Tools (part 1) - Setting Options for the Research Task Pane, Searching with the Research Task Pane
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 2) - Ending a Linked Notes Session, Viewing Linked Notes
- Microsoft OneNote 2010 : Doing Research with Linked Notes (part 1) - Beginning a Linked Notes Session
- Microsoft OneNote 2010 : Doing Research with Side Notes (part 3) - Moving Side Notes to Your Existing Notes
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro