2

I'm using azure service management REST API in my application. I uploaded the management certificate on azure and have a copy in local. I keep the certification in a separate folder (AzureCertificate) in the application itself and referring to that location. e.g:

string certificatePath = Server.MapPath("~/AzureCertificate/") + certificateName;

X509Certificate2 certificate = new X509Certificate2(certificatePath);

AzureCertificate -- Folder name certificateName - MyCertificatieName.cer

it works fine when I run the application my local development environment. But I'm getting the below error when I deploy the same in azure website.

The remote server returned an error: (403) Forbidden

This is how I make the request

string uri = apiURL + subscriptionId + "/services/hostedservices";

HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(uri);

X509Certificate2 certificate = new X509Certificate2(certificatePath);

req.ClientCertificates.Add(certificate);

req.Headers.Add("x-ms-version", "2009-10-01"); HttpWebResponse res =

(HttpWebResponse)req.GetResponse();

But it throws the above said exception at the last line (req.GetResponse()).

Can we use the management certificate in this way?.

My requirement is to develop an application which uses the azure REST API and deploy in azure.

Improve this question
1
  • which apiurl are you trying to access? Commented Sep 30, 2014 at 17:03

2 Answers 2

Reset to default
1

I have also found that creating the certificate exactly the right way for use with the Management API is very important - I was getting 403 errors until I used this script for creating the certificate:

makecert -r -pe -a sha1 -n "CN=Windows Azure Authentication Certificate" -ss my -len 2048 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 ManagementApiCert.cer

I got that here: http://blogs.msdn.com/b/davidhardin/archive/2013/08/27/azure-management-certificate-public-key-private-key.aspx which is a couple of years old but worked for me when other newer ones I tried did not.

Also, make sure you upload the certificate under Management Certificates in Settings in the portal, it is not an SSL or remote access certificate.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I'd suggest using the Azure Management SDK. You can install that from nuget package named Microsoft.WindowsAzure.Management and use the appropriate class/method to do what you want to do.

If you did need to do something directly via HTTP and the REST API, I'd suggest using HttpClient instead of HttpWebRequest. (HttpClient is another nuget package named Microsoft.Net.Http. You can then use SubscriptionCloudCredntials (via the ManagementClient.Credentials property) to populate the HTTP request for you. For example:

var client = new ManagementClient(
    new CertificateCloudCredentials(subscriptionId, certificate));
//...
var requestMessage = new HttpRequestMessage(HttpMethod.Get, apiURL);
await client.Credentials.ProcessHttpRequestAsync(requestMessage,
    CancellationToken.None);
var httpClient = new HttpClient();
HttpResponseMessage response = await httpClient.SendAsync(requestMessage);
// TODO: process response, maybe:
var responseText = response.AsString();

I'd recommend using client when you can.

Improve this answer

2 Comments

But, it may still need the certificate right??? I'm using (management.core.windows.net/<subscription-id>/services/…)
Yes, that's the certificate parameter

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.