How to use certificate in AZURE ASP.NET websites

Question

0.00/5 (No votes)

See more:

I am moving one asp.net app to azure environement.In the application we are using one X509Certificate2 while calling some webservices.I used cert.import method to import the certificate and then adding certificate object to client certificate property of service.It was working fine when we hosted our app on IIS servers.
This is how we are doing it :

C#

abcservice service = new abcservice ();
`string CertificatePath = ConfigurationManager.AppSettings["CertificatePath"].ToString();
string certPwd = ConfigurationManager.AppSettings["CertificatePwd"].ToString();`

    cert.Import(CertificatePath, certPwd , X509KeyStorageFlags.DefaultKeySet);
    service.ClientCertificates.Add(cert);

But when we move to azure ,it stops working and start showing me cant find specified file at cert.import .

In web.config ,we have set following properties :

XML

<clientCertificate findValue="abc-123.pqr.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            <!--Need to provide Server certificate Details-->
            <serviceCertificate>
              <defaultCertificate findValue="xyz Gateway" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
              <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />

I have set up abc-123.pqr.com as DNS name for my website and i am able to access website using this URL and uploaded the certificate in azure portal against this URL.

What I have tried:

I came to know that MyStore is not working in Azure.So i am looking for some alternatives for that.I found one solution that how i can do this without using Import.

abcservice service = new abcservice ();

    string CertificatePath =ConfigurationManager.AppSettings["CertificatePath"].ToString();

   

`string certPwd = ConfigurationManager.AppSettings["CertificatePwd"].ToString();`

    X509Certificate2 cert = new X509Certificate2(CertificatePath , certPwd , X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
    service.ClientCertificates.Add(cert);

Now it start adding certificate in service object but when i am calling service it start give me following Error :

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectName', FindValue 'abc-123.pqr.com'.
Please suggest how i can use it.Thanks in advance.

Posted 15-Jul-18 0:36am

tushi0407

Add a Solution

Comments

ZurdoDev 16-Jul-18 7:54am

You have to load it as a file and then put the file in your site, not from a certificate store. It would probably work if you use an Azure VM and configured your site on that, but an Azure website won't have access to the Certificate Store.

tushi0407 16-Jul-18 8:06am

yes..thats what,,,Azure website dont have certificate store.I have added certificate in the application and then dont know how i can store it so that web service using it can access that object.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)