May, 2009

  • Cloudy in Seattle

    Adding an HTTPS Endpoint to a Windows Azure Cloud Service

    [Update: With the November 2009 release of the Windows Azure Tools - this post is now obsolete - an updated post is available here]

    Lately there have been a couple of threads on the forum and some internal email around setting up an HTTPS endpoint on a Windows Azure Cloud Service.

    A good starting point is this article, but there are some common issues that people run into that I wanted to talk about.

    First are the cert requirements. 

    • The certificate must contain a private key that is marked exportable
    • The certificate must have the Server Authentication Intended Purpose

    When running on the Development Fabric, the certificate also needs to be self-signed – this is to prevent any security issues around leaking the private key of a real certificate.

    Let’s walk through the steps to try an HTTPS endpoint on the Development Fabric:

    1) Open the ServiceDefinition.csdef file in the CloudService project in Visual Studio and add a second InputEndpoint to the WebRole:

      <WebRole name="WebRole">
        <InputEndpoints>
          <InputEndpoint name="HttpIn" protocol="http" port="80" />
          <InputEndpoint name="HttpsIn" protocol="https" port="443" />
        </InputEndpoints>
      </WebRole>
    

    2) If you have a self-signed certificate that meets the requirements above, you can skip ahead to step 9.  Otherwise, let’s use the IIS Manager to create a self-signed certificate.

    3) Open the IIS Manager and select “Server Certificates”

    4) On the right side under “Actions”, select “Create Self-Signed Certificate…”

    5) Follow the steps in the IIS Manager and you’ll have a new self-signed cert that supports Server Authentication and has an exportable private key.

    6) The newly created cert will be put in the Personal store in the Local Computer location. Windows Azure Tools (including cspack) look for the certs in the Personal store in the Current User location (we needed to settle on a location and didn’t want it to be one that requires admin elevation).

    7) To move the certs to the Current User location, you can run mmc, add the Certificates snap-in for both “My User Account” and “Computer Account” and drag and drop the certificates to the Personal store in the Current User location.  Alternatively, you can export and import.

    8) If you ever export/import the cert, make sure you export the private key and on import mark the key as exportable.

    9) Right click on the Cloud Service project in the VS Solution Explorer and click “Properties”.  Click on the SSL tab, check the option to enable SSL connections under Development, and click “Select from Store…”.

    10) Select your certificate.  Hit F5 to run.

    11) Navigate to the https endpoint -- the browser will complain as expected because you are using a self-signed certificate.

    12) To see the actual ports that were used for your service, you can bring up the Development Fabric UI (right click on the Development Fabric tray icon) and click on the Service Details for your Deployment.

    13) When you are ready to publish to the real cloud, use the SSL Cloud Service settings to select a certificate for Publish – this is the certificate that is used when publishing for deployment.

    Troubleshooting

    • If you see the error “Role start failed for one or more roles” when specifying an https endpoint, most likely this is because you are trying to use a certificate that does not have an exportable private key.
    • If you see the error “can't locate service descriptions”, most likely this is because you attempted to use a non self-signed certificate when running on the Development Fabric.
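
    A pre-flight check for the certificate requirements and the two troubleshooting causes above, as an added PowerShell example (not part of the original post or of the Windows Azure Tools). The function name `Test-DevFabricSslCert` and the thumbprint argument are hypothetical; it assumes an RSA key and .NET 4.6 or later.

```powershell
# Added example. Function name and thumbprint argument are hypothetical.
# Assumes an RSA key and .NET 4.6+ (for RSACertificateExtensions).
function Test-DevFabricSslCert {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # The tools look in the Personal store of the Current User location.
    $cert = Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) { throw "No certificate $clean in Cert:\CurrentUser\My" }

    # Requirement 1: private key present and marked exportable.
    # CSP keys report it via CspKeyContainerInfo, CNG keys via ExportPolicy.
    $exportable = $false
    if ($cert.HasPrivateKey) {
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $key.CspKeyContainerInfo.Exportable
        } elseif ($key -is [System.Security.Cryptography.RSACng]) {
            $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
            $exportable = $key.Key.ExportPolicy.HasFlag($allow)
        }
    }

    # Requirement 2: explicit Server Authentication purpose (strict check).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = [bool]($eku -and
        ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }))

    # Development Fabric only: subject equals issuer (name match, signature not verified).
    $selfIssued = $cert.Subject -eq $cert.Issuer

    [pscustomobject]@{
        Subject              = $cert.Subject
        ExportablePrivateKey = $exportable
        ServerAuthentication = $serverAuth
        SelfIssued           = $selfIssued
        ReadyForDevFabric    = $exportable -and $serverAuth -and $selfIssued
    }
}

# Usage: Test-DevFabricSslCert -Thumbprint '<thumbprint-of-your-certificate>'
```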

    May CTP of the Windows Azure Tools and SDK - Now Supports Visual Studio 2010 Beta 1

    Windows Azure Tools for Microsoft Visual Studio (includes SDK).  If the release is still propagating, try the Direct Link

    New for the May 2009 CTP:

    • Support for Visual Studio 2010 Beta 1
    • Update for Visual Studio 2008
    • Improved integration with the Development Fabric and Storage services to improve the reliability of debug and run of Cloud Services from Visual Studio
    • Enhanced robustness and stability

    Release notes/Known issues are available here

    Visual Studio 2010 Beta 1 Support:

    You can now use Visual Studio 2010 Beta 1 to build your Cloud Services.  There are a couple of interesting things to note however:

    • The Windows Azure Cloud does not yet support .Net Framework 4.0 – the tools will always create Web and Worker roles that target .Net Framework 3.5. The tools will complain if you try to build a Role project that targets .Net Framework 4.0.
    • Visual Studio 2010 compatible samples are available here


    Editing Role Properties

    You can now use the Visual Studio Properties Window to edit some of the Role Properties like Enabling Full Trust and setting the instance count.

    Feedback

    As always – we love getting your feedback, you can email me off this blog, visit our Forum or enter a bug.

    Azure Services Platform Developer Challenge

    Azure Services Platform Developer Challenge!

    Everything you need to know from a page hosted on Windows Azure: http://www.newcloudapp.com/

    Couple things to point out:

    • There are 3 categories: .Net Applications ($5000 prize), PHP Applications ($5000 prize) and a Community Winner ($2500 prize)
    • Submission deadline is June 18, 2009
    • More info here and here

    Pretty cool contest, can't wait to see the kinds of apps that get built -- Start your engines!

     
