Creating X.509 certificate from Windows Azure BLOB

Sometime you may have to create X.509 certificate on the fly. Imagine you are writing a WCF Service to be hosted in App Fabric or creating a WCF Service Web Role to be hosted in Microsoft Data center. In these scenarios you don’t have access to local file system and in the service you are performing Azure subscription level operation using Windows Azure Management API. So to authenticate WCF Service against Windows Service subscription you need to provide the certificate.

 

image

 

Essentially there are three steps involved in this process,

  1. Read X.509 Certificate file (.cer) from AZURE BLOB.
  2. Create X.509 certificate from the downloaded file from Azure BLOB.
  3. Pass the created certificate as part of request to authenticate.

 

Read Certificate file from Windows AZURE BLOB storage as byte array

image

In above code snippet, we are reading certificate file from BLOB as an array of byte data. You need to add reference of Microsoft.WindowsAzure and Microsoft.WindowsAzure.StorageClient . Container Name is name of your public container.

Create X.509 certificate

Once you have byte array form Azure BLOB, you can create X.509 certificate to be authenticated using the byte array as below,

image

Pass the Certificate to authenticate

 

clip_image001

clip_image002

Here while making call you can add certificate created from AZURE BLOB file .

For your reference full source code is as below,

 



using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Xml.Linq;
using Microsoft.WindowsAzure;
using Microsoft.WindowsAzure.StorageClient;



namespace ConsoleApplication26
{
    class Program
    {
        static void Main(string[] args)
        {

                      CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse("DataConnectionString");
            CloudBlobClient cloudBlobClient = cloudStorageAccount.CreateCloudBlobClient();
            CloudBlobContainer cloudBlobContainer = cloudBlobClient.GetContainerReference("ContainerName");
            CloudBlob cloudBlob = cloudBlobContainer.GetBlobReference("debugmode.cer");
            Console.WriteLine(cloudBlob.DownloadText());
            Console.ReadKey(true);
            byte[] byteData = cloudBlob.DownloadByteArray();
            X509Certificate2 certificate = new X509Certificate2(byteData);

           var request = (HttpWebRequest)WebRequest.Create("https://management.core.windows.net/697714da-b267-4761-bced-b75fcde0d7e1/services/hostedservices");
           request.Headers.Add("x-ms-version:2009-10-01");
           request.ClientCertificates.Add(certificate);

            var response = request.GetResponse().GetResponseStream();
            var xmlofResponse = new StreamReader(response).ReadToEnd();

            XDocument doc = XDocument.Parse(xmlofResponse);
            XNamespace ns = "http://schemas.microsoft.com/windowsazure";
            var servicesName = from r in doc.Descendants(ns + "HostedService")
                               select new HostedServices
                               {
                                   serviceName = r.Element(ns + "ServiceName").Value
                               };

            foreach (var a in servicesName)
            {
                Console.WriteLine(a.serviceName);
            }



            Console.ReadKey(true);


        }

        static public  byte[] ReadToEnd(System.IO.Stream stream)
        {
            long originalPosition = stream.Position;
            stream.Position = 0;
            try
            {
                byte[] readBuffer = new byte[4096];
                int totalBytesRead = 0;
                int bytesRead;
                while ((bytesRead = stream.Read(readBuffer, totalBytesRead, readBuffer.Length - totalBytesRead)) > 0)
                {
                    totalBytesRead += bytesRead;
                    if (totalBytesRead == readBuffer.Length)
                    {
                        int nextByte = stream.ReadByte();
                        if (nextByte != -1)
                        {
                            byte[] temp = new byte[readBuffer.Length * 2];
                            Buffer.BlockCopy(readBuffer, 0, temp, 0, readBuffer.Length);
                            Buffer.SetByte(temp, totalBytesRead, (byte)nextByte);
                            readBuffer = temp;
                            totalBytesRead++;
                        }
                    }
                }
                byte[] buffer = readBuffer;
                if (readBuffer.Length != totalBytesRead)
                {
                    buffer = new byte[totalBytesRead];
                    Buffer.BlockCopy(readBuffer, 0, buffer, 0, totalBytesRead);
                }
                return buffer;
            }
            finally
            {
                stream.Position = originalPosition;
            }
        }

     public    class HostedServices
        {
            public string serviceName { get; set; }
        }
    }
}


 

I hope this post was useful. Thanks for reading Smile

 

Uploading management certificate in Windows Azure subscription

To work with Service Management API client has to authenticate itself to the Azure portal. You need to upload X.509 certificate to the portal. There are many ways and several tools available to crate X.509 certificates. Easiest way I find is using IIS.

Read here to create certificate for Azure subscription

Before you go ahead and upload certificate, let us understand that there are two types of certificate can be uploaded

Before you go ahead and upload certificate, let us understand that there are two types of certificate can be uploaded

 

clip_image001

 

To upload (.cer) certificate login to Azure portal and select Hosted Service and then Management Certificates option.

 

clip_image002

From top menu choose add certificate,

clip_image004

Browse to choose the certificate file and upload.

clip_image005

Once management level certificates are uploaded successfully, you can work AZURE Management API. Tune in for the next posts. We will see there working with Azure Management API.