locked
Certificates for using HDInsight .NET SDK from a Azure Web Site RRS feed

  • Question

  • Hello,

    I'm trying to create a Web API (asp.net) that make use of HDInsight .NET SDK for HDInsight Cluster provisioning.

    Following the examples that I found in the official documentation, I can see that it is necessary to create a self-signed certificate in order to connect HDInsight from a asp.net application. Then you need to install the certificate locally (using certmgr.msc) and upload it to Azure. So, my first question as follows: what kind (.cer / .pfx / .pem?) of certificate have to be uploaded to Azure, and what kind of certificate is used in the Application running "locally"?  

    Apart from that, my real problem is that in the documentation, the example is a desktop app that runs o a windows machine, so it is able to load the installed certificate from wherever the certificate store is. However, what I am developing is a asp.net Web API that is deployed as an Azure Web Site... I don't know how to "add" the certificate to my Azure Web Site, so that I can connect from it to HDInsight through the HDInsight .NET SDK

    Has somebody dealt with this problem?

    Thank you in advance.

    Wednesday, March 18, 2015 10:03 AM

Answers

  • Hey Carlos,

    This thread was just brought to my attention. The short answer is it is possible.

    To answer your first question, it is a pfx file. You can load the certificate into the HDInsight SDK from a file like this.

               var hdInsightClient =  HDInsightClient.Connect(new HDInsightCertificateCredential(Guid.Parse("{your subscription id}"),
                    new X509Certificate2(@"Path\To\MymyCertificate.pfx", "MySecurePassword")));

    Now to do this from an azure website application, you need to just add the .pfx file to your WebAPI project.

    You can right click on your web project and click add existing item. Be careful about where you put this file, you don't want this file to be publicly accessible. Also from a security standpoint. you should keep your pfx password in web config in an encrypted manner if possible.

    Thanks,
    Augustine Mathew (SDE Windows Azure HDInsight)

    • Proposed as answer by Manu Rekhar Monday, March 23, 2015 11:36 AM
    • Marked as answer by Manu Rekhar Thursday, March 26, 2015 3:05 PM
    Sunday, March 22, 2015 2:24 AM

All replies

  • Hi,

    Thank you for posting in here.
    We are checking on this and will get back at earliest.

    Regards,
    Manu Rekhar
    Wednesday, March 18, 2015 12:10 PM
  • Hey Carlos,

    This thread was just brought to my attention. The short answer is it is possible.

    To answer your first question, it is a pfx file. You can load the certificate into the HDInsight SDK from a file like this.

               var hdInsightClient =  HDInsightClient.Connect(new HDInsightCertificateCredential(Guid.Parse("{your subscription id}"),
                    new X509Certificate2(@"Path\To\MymyCertificate.pfx", "MySecurePassword")));

    Now to do this from an azure website application, you need to just add the .pfx file to your WebAPI project.

    You can right click on your web project and click add existing item. Be careful about where you put this file, you don't want this file to be publicly accessible. Also from a security standpoint. you should keep your pfx password in web config in an encrypted manner if possible.

    Thanks,
    Augustine Mathew (SDE Windows Azure HDInsight)

    • Proposed as answer by Manu Rekhar Monday, March 23, 2015 11:36 AM
    • Marked as answer by Manu Rekhar Thursday, March 26, 2015 3:05 PM
    Sunday, March 22, 2015 2:24 AM