In this section we will learn how to add RDP access credentials to an already deployed LightSwitch application which you have already published. You can visit part 1 and part 2 of my articles on the same topic as below:

The need for this topic arise because LightSwitch Azure Publish wizard directly deploy application to Windows Azure using wizard (as explained in above part 2) however the wizard does not have a way to configure RDP access to the same application. This article fulfill the gap. 

To start with, I would assume that you already have your LightSwitch application running in Azure and if you see your application bin folder you will see the following files: 

As you can see we have CSPKG, CSCFG and CSDEF files in above folder, which are main file related with Windows Azure. To add RDP access we will need to edit both CSDEF and CSCFG files.

First we need to generate RDP access credentials for any Windows Azure Application so we can export them in above LightSwitch CSDEF and CSCFG files. Now to start with please create a simple helloworld Azure application and use Publish option to add RDP access to it. 

Note: To learn how to add RDP access to Azure application please visit: http://blogs.msdn.com/b/avkashchauhan/archive/2011/04/03/setting-rdp-access-in-windows-azure-application-with-windows-azure-sdk-1-3-1-4.aspx

In Windows Azure application RDP Access a PFX certificate is used to encrypt RDP access credentials and this FX certificate must be uploaded in "certificate" section of your Windows Azure Application. So there are two options:

  1. We can create a new PFX certificate and use it to encrypt RDP access credentials and then upload PFX to  "certificate" section of your Windows Azure Application in Windows Azure Portal.
  2. We can use the same PFX certificate which we have use to sign XAP file in "Specify a certificate" section (Part 2)

Because above option 1 is already described in my blog link  above, I have decided to use option 2.

In the HelloWorld application publish wizard, I am used the same certificate as below:

If you match the certificate thumbprint above with Windows Azure Application certificate, you can verify that the thumbprint does match so I don't need to upload it again. 

Now once  RDP access setting is completed in a sample helloworld application, you can see following entries which we will use in our LightSwitch application:

ServiceDefinition.CSDEF (RDP Access related settings only)

 <Imports>
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>

ServiceConfiguration.cscfg (RDP Access related settings only)

 <ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="avkashc" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="MIIBHwYJKoZIhvcNAQcDoIIBEDCCAQwCAQAxgdkwgdYCAQAwPzArMSkwJwYDVQQDEyBBdmthc2ggV2luZG93cyBBenVyZSBQb3J0YWwgQ2VydAIQXNki5y7CtptNzxrLjUQ52zANBgkqhkiG9w0BAQEFAASBgC2KUWTLVFI0NtfhznAc+LC40l/jmFBdoDlYqh7pBDs4ujEvYCTUDuqfVp2jlqRgKJGUf6UFxaXKDgnT78dirwuRnw8aYvlkLEDb0OvjG1DQWFp72XGwp3U8hSljX41zXnkjprEJo4tgaFQIycXkROU4y+11GfOgfzD4A75A95PHMCsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQI2oBjQVC07caACMjaoYP3REwm" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2011-11-30T23:59:59.0000000-08:00" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
</ConfigurationSettings>
<Certificates>
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="A77B40E35556DFDB09C3B246453A548B2D7B9444" thumbprintAlgorithm="sha1" />
</Certificates>

Now we will try to migrate these settings into our LightSwitch application. Here you will need to update ServiceDefinition.csdef and ServiceConfiguration.cscfg which are located at the root of LightSwitch application:




Now lets update the ServiceDefinition.csdef which is located @ C:\Azure\AzureLightSwitchWebRole\AzureLightSwitchWebRole\ServiceDefinition.csdef

ServiceDefinition.csdef (LightSwitch Application updated with RDP Access settings )

<ServiceDefinition name="AzureLightSwitchWebRole" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
<WebRole name="LightSwitchWebRole"
vmsize="Small"
enableNativeCodeExecution="true">
<ConfigurationSettings>
<Setting name="Microsoft.LightSwitch.Trace.Enabled" />
<Setting name="Microsoft.LightSwitch.Trace.LocalOnly" />
<Setting name="Microsoft.LightSwitch.Trace.Level" />
<Setting name="Microsoft.LightSwitch.Trace.Sensitive" />
<Setting name="Microsoft.LightSwitch.Trace.Categories" />
<Setting name="Microsoft.LightSwitch.RequireEncryption" />
</ConfigurationSettings>
<Sites>
<Site name="Web">
<Bindings>
<Binding name="HttpIn" endpointName="HttpIn" />
<Binding name="HttpsIn" endpointName="HttpsIn" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="HttpIn" protocol="http" port="80" />
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="SSLCertificate" />
</Endpoints>
<Certificates>
<Certificate name="SSLCertificate" storeLocation="LocalMachine" storeName="My" />
</Certificates>
<Imports>
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>
</WebRole>
</ServiceDefinition>


Now lets update the ServiceConfiguration.cscfg which is located @ C:\Azure\AzureLightSwitchWebRole\AzureLightSwitchWebRole\ServiceConfiguration.cscfg

ServiceConfiguration.cscfg (LightSwitch Application updated with RDP Access settings)

<ServiceConfiguration serviceName="AzureLightSwitchWebRole" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
<Role name="LightSwitchWebRole">
<Instances count="1" />
<ConfigurationSettings>
<!-- A value of true will enable diagnostic logging on the server -->
<Setting name="Microsoft.LightSwitch.Trace.Enabled" value="false" />
<!-- A value of true only lets local access to Trace.axd -->
<Setting name="Microsoft.LightSwitch.Trace.LocalOnly" value="true" />
<!-- The valid values for the trace level are: None, Error, Warning, Information, Verbose -->
<Setting name="Microsoft.LightSwitch.Trace.Level" value="Information" />
<!-- A value of true will indicate that logging sensitive information is okay -->
<Setting name="Microsoft.LightSwitch.Trace.Sensitive" value="false" />
<!-- The semi-colon separated list of categories that will be enabled at the specifed trace level -->
<Setting name="Microsoft.LightSwitch.Trace.Categories" value="Microsoft.LightSwitch" />
<!-- A value of true will indicate http requests should be re-directed to https -->
<Setting name="Microsoft.LightSwitch.RequireEncryption" value="true" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="avkashc" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="MIIBHwYJKoZIhvcNAQcDoIIBEDCCAQwCAQAxgdkwgdYCAQAwPzArMSkwJwYDVQQDEyBBdmthc2ggV2luZG93cyBBenVyZSBQb3J0YWwgQ2VydAIQXNki5y7CtptNzxrLjUQ52zANBgkqhkiG9w0BAQEFAASBgC2KUWTLVFI0NtfhznAc+LC40l/jmFBdoDlYqh7pBDs4ujEvYCTUDuqfVp2jlqRgKJGUf6UFxaXKDgnT78dirwuRnw8aYvlkLEDb0OvjG1DQWFp72XGwp3U8hSljX41zXnkjprEJo4tgaFQIycXkROU4y+11GfOgfzD4A75A95PHMCsGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQI2oBjQVC07caACMjaoYP3REwm" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2011-11-30T23:59:59.0000000-08:00" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
</ConfigurationSettings>
<Certificates>
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="A77B40E35556DFDB09C3B246453A548B2D7B9444" thumbprintAlgorithm="sha1" />
</Certificates>
</Role>
</ServiceConfiguration>

Note: It is always good practice to have backup of your above CSCFG and CSDEF files.


Now you can rename CSPKG, CSCFG and CSDEF which are located @ C:\Azure\AzureLightSwitchWebRole\AzureLightSwitchWebRole\Bin\<Release|Debug>\

After it you can start the same publish wizard and publish it again. you will see new CSCFG, CSDEF and CSPKG files are created as below:


After the publish is completed you can verify that RDP access is enabled in your Application. When you select your role at Windows Azure Management Portal you can see that RDP access is enabled and can be configured (if needed) as below:

When you select your Instance at Windows Azure Management Portal you can see that RDP access is enabled and can be configured (if needed) as below:



Now you can launch the RD Connection to your LightSwitch Application and without any problem you will have to your VM as below:

If you need assistance on how to use RD connection with Azure VM please visit: http://blogs.msdn.com/b/avkashchauhan/archive/2011/04/03/how-to-login-into-windows-azure-virtual-machine-using-remote-desktop.aspx