Subscribe to Windows Azure Using Your Organization ID

29 באפריל 2013

Until recently, you could only sign up for a new Windows Azure subscription using your Microsoft account (LiveID) It means that your administration account is governed by a private user account. This is a major security threat. The account credentials are simple user name and password (which could be easily stolen) No “Multi factor authentication” is possible No policy and management is enforced on the administration identity All this is changing now with Windows Azure Active Directory (WAAD) Now you can Sign-In to...
2 comments

How to Encode a Certificate

22 באפריל 2013

It is common to upload / transfer certificates as base64 strings. A common example is Azure Management API Add Service Certificate. To encode a certificate all you have to do is simply encode the certificate file. var encodedClientCert = Convert.ToBase64String(File.ReadAllBytes("Client.Cer")); To create a certificate out of base64 string is as easy: string str = "base64string representing a certificate"; string psw = "password for certificates with a private key"; var cert = new X509Certificate2(Convert.FromBase64String(str), psw); Hope this helps Manu
tags: ,
no comments

Uploading Large Files to Blob Storage

It you will try to upload a large file (2Mb and larger) to blob storage it is likely that you will get the following timeout exception: “StorageServerException : Operation could not be completed within the specified time.” The solution is to do things in parallel. Fortunately blob storage has a simple API for parallel upload. blobClient.ParallelOperationThreadCount = 20; To use it it is required to open the max number of outgoing connection using ServicePointManager.DefaultConnectionLimit The following method will demonstrate that: Code Snippet public static void LoadLargeBlob(string storageAccountName, string storageAccountKey)         {             ServicePointManager.DefaultConnectionLimit...
tags: ,
no comments

How To Find a Certificate in the Certificate Store

21 באפריל 2013

I wrote a nice helper class that helps me find certificates installed on my machine. Here is the code: Code Snippet public static class CertificateHelper     {         public static X509Certificate2 FindCertificateByThumbprint(string certificateThumbprint)         {             var res = FindCertificateByThumbprint(certificateThumbprint, new X509Store(StoreName.My, StoreLocation.CurrentUser)) ??                       FindCertificateByThumbprint(certificateThumbprint, new X509Store(StoreName.My, StoreLocation.LocalMachine));               if (res == null)                 throw new Exception(string.Format("No certificate found with the thumbprint {0} ", certificateThumbprint));               return res;         }             public static X509Certificate2 FindCertificateByName(string subjectName)         {             var res = FindCertificateByName(subjectName, new X509Store(StoreName.My, StoreLocation.CurrentUser)) ??                       FindCertificateByName(subjectName, new X509Store(StoreName.My, StoreLocation.LocalMachine));               if (res == null)                 throw new Exception(string.Format("No...
tags: ,
no comments

Upload a Certificate Authority to Azure WebRole

If you want to use a client certificate as a client credential you have to make sure the role machine knows your client’s certificate issuer. If your client certificate was created by a self signed CA (Certificate Authority) it means that you have to upload the CA itself to the role’s trusted root certificate authority certificate store. The problem is that for some reason uploading a certificate to the trusted root certificate authority certificate store is NOT supported for web roles. The solution is simply: Upload the CA certificate to the “My” certificate store...
no comments

Client Certificates in Windows Azure

7 באפריל 2013

A simple method to authenticate customers is by using client certificates. Smart card and enterprise customers are just two basic scenarios. Lets describe how to implement client certificate authentication in a simple Web API service deployed in Windows Azure. The first thing we need to do is to establish an SSL channel. Client certificates can only be attached to a SSL request. To do that we need to create an SSL certificate and sign it by a trusted CA (Certificate Authority). We can create a certificate request using IIS and send it to the CA. (see figure)...
one comment