Homepage image
Sample of the Day RSS Feed

 

Sample Download: http://code.msdn.microsoft.com/CSAzureSSLForPage-e844c9fe image

Today’s code sample demonstrates how to configure SSL for specific page(s) while hosting the application in Windows Azure.   If you are developing applications in Windows Azure or if you are learning Windows Azure, we hope that the Microsoft All-In-One Code Framework sample would reduce your effort in this typical Windows Azure programming scenario.

The sample was written by the Microsoft Escalation Engineer Narahari Dogiparthi. image

You can find more code samples that demonstrate the most typical programming scenarios by using Microsoft All-In-One Code Framework Sample Browser or Sample Browser Visual Studio extension. They give you the flexibility to search samples, download samples on demand, manage the downloaded samples in a centralized place, and automatically be notified about sample updates.  If it is the first time that you hear about Microsoft All-In-One Code Framework, please watch the introduction video on Microsoft Showcase, or read the introduction on our homepage http://1code.codeplex.com/.

 

Introduction

While hosting the applications in Azure, developers are required to modify IIS settings to suit their application requirements. Many of these IIS settings can be modified only programmatically and developers are required to write code, startup tasks to achieve what they are looking for. One common thing customer does while hosting the applications on-premise is to mix the SSL content with non-SSL content. In Azure, by default you can enable SSL for entire site. There is no provision to enable SSL only for few pages. Hence, i have written sample that customers can use it without investing more time to achieve the task.

 

Building the Sample

This sample needs to be configured with sitename before running it.

1. Under OnStart() Method, Locate following line, read and make changes to this line of code as per comments below.

// Since we are looking to enable SSL for only specific page, get the section 
// of configuration which needs to be changed for specific location 
// Website name can be obtained using RoleEnvironment.CurrentRoleInstance.Id 
// and then append "_" along with actual site name specified in ServiceDefinition.csdef 
// Default name of the website is Web. If you have specified different sitename, 
// please replace "Web" with the specified name in below line of code. 
ConfigurationSection section = config.GetSection("system.webServer/security/access", 
    RoleEnvironment.CurrentRoleInstance.Id + "_Web" + "/sslpage.aspx"); 

2. If you need to enable SSL for multiple pages, below lines should be repeated in the code. Highlighted portion is where you need to replace with page name you are trying to configure SSL for.

ConfigurationSection section = config.GetSection("system.webServer/security/access", 
    RoleEnvironment.CurrentRoleInstance.Id + "_Web" + "/sslpage.aspx"); 
  
// Get the sslFlags attribute which is used for configuring SSL settings 
ConfigurationAttribute enabled = section.GetAttribute("sslFlags"); 
  
// Configure sslFlags value as "ssl". This will enable "Require SSL" flag 
enabled.Value = "Ssl"; 

3. In the sample, I have configured https endpoint, RDP access using the certificates I have on my machine. You would need to re-configure certificates using the ones you have on your machine or create new certificates for these purposes. To change the certificates, Open the project, go to the properties of the sslRole as shown below and modify the highlighted certificates.

image

 

Running the Sample

Configure the variables as mentioned in the “Building the sample” section and then run the sample by clicking F5 in VS or build the sample and run the exe. Once you confirm that the sample is working, take the code from OnStart() method and incorporate with actual application.

 

Using the Code

Add references to Microsoft.Web.Administration (location: <systemdrive>\system32\inetsrv) assembly and add below using statement to your project

using Microsoft.Web.Administration; 

Code to configure SSL is below:

// Create new ServerManager object to modify IIS7 configuration 
ServerManager serverManager = new ServerManager(); 
  
// Retrieve Current Application Host Configuration of IIS 
Configuration config = serverManager.GetApplicationHostConfiguration(); 
  
// Since we are looking to enable SSL for only specific page, get the section 
// of configuration which needs to be changed for specific location 
// Website name can be obtained using RoleEnvironment.CurrentRoleInstance.Id 
// and then append "_" along with actual site name specified in ServiceDefinition.csdef 
// Default name of the website is Web. If you have specified different sitename, 
// please replace "Web" with the specified name in below line of code. 
ConfigurationSection section = config.GetSection("system.webServer/security/access", 
    RoleEnvironment.CurrentRoleInstance.Id + "_Web" + "/sslpage.aspx"); 
  
// Get the sslFlags attribute which is used for configuring SSL settings 
ConfigurationAttribute enabled = section.GetAttribute("sslFlags"); 
  
// Configure sslFlags value as "ssl". This will enable "Require SSL" flag 
enabled.Value = "Ssl"; 
  
// Save the changes. If role is not running under elevated executionContext, 
// this line will result in exception. 
serverManager.CommitChanges(); 

 

More Information

Exercise 4: Securing Windows Azure with SSL
http://msdn.microsoft.com/en-us/gg271302