How to associate a certificate with my subscription?

Question

Hi

Here is what I want to do. I need to associate a management certificate with my subscription without using the management portal. Can this be done only using the Azure Management API? I saw that there is a Add Certificate operation

http://msdn.microsoft.com/en-us/library/windowsazure/ee460817.aspx

but this call also needs authentication (and I don't have a certificate uploaded yet!). So how can I do this?

Is there a way to get that certificate from here:

https://windows.azure.com/download/publishprofile.aspx

but this must be done directly from c#. I need this process automated.

Answer 1

At this time the only way to upload a management certificate is to use the management portal. The Add Certificate call is only used to add certificates to a specific service.

---

Don Glover: AzureDocGuy

Answer 2

At this time the only way to upload a management certificate is to use the management portal. The Add Certificate call is only used to add certificates to a specific service.

---

Don Glover: AzureDocGuy

Correction: Don --> It is possible to upload a management certificate using Service Management API (http://msdn.microsoft.com/en-us/library/windowsazure/jj154124). However to do so, you would need to have at least one management certficate so that you can authenticate Service Management API request to "manage" management certificate.

The "Add Certificate" operation mentioned above is actually regarding adding a SSL certificate to be used by your webrole/worker role and should not be confused with management certificate which is used for authenticating Service Management API requests.

Regarding the question, as to how one can get certificate from a publish profile file, yes it is indeed possible to do so. Publish profile file is an XML file containing information about your subscription and a management certificate.

You could use something like the code below to install the certificate by reading the data from this publish profile file into your local computer's certificate store (I haven't tested this code, so please bear with me if it fails :)):

            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(managementCertificateDataFromPublishProfileFile));
            X509Store certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            certificateStore.Add(cert);

Hope this helps.

   

Answer 3

At this time the only way to upload a management certificate is to use the management portal. The Add Certificate call is only used to add certificates to a specific service.

---

Don Glover: AzureDocGuy

Correction: Don --> It is possible to upload a management certificate using Service Management API (http://msdn.microsoft.com/en-us/library/windowsazure/jj154124). However to do so, you would need to have at least one management certficate so that you can authenticate Service Management API request to "manage" management certificate.

The "Add Certificate" operation mentioned above is actually regarding adding a SSL certificate to be used by your webrole/worker role and should not be confused with management certificate which is used for authenticating Service Management API requests.

Regarding the question, as to how one can get certificate from a publish profile file, yes it is indeed possible to do so. Publish profile file is an XML file containing information about your subscription and a management certificate.

You could use something like the code below to install the certificate by reading the data from this publish profile file into your local computer's certificate store (I haven't tested this code, so please bear with me if it fails :)):

            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(managementCertificateDataFromPublishProfileFile));
            X509Store certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            certificateStore.Add(cert);

Hope this helps.

   

Thanks for the reply. My question is more like can I download that publish settings file using code? I know how to proceed from there.

Answer 4

I think you can but you would need to simulate live id login through your code as this URL is protected by live id authentication. 

However I would not recommend doing it through code because each time you download this publish setting file, Windows Azure creates a new management certificate on the fly and adds that certificate to the list of management certificate. Given that there's a limit of 10 management certificates, your code would run for a maximum of 10 times and after that it would give you an error. I'm curious as to why you would want to download this file programmatically?

Hope this helps.

Answer 5

I think you can but you would need to simulate live id login through your code as this URL is protected by live id authentication. 

However I would not recommend doing it through code because each time you download this publish setting file, Windows Azure creates a new management certificate on the fly and adds that certificate to the list of management certificate. Given that there's a limit of 10 management certificates, your code would run for a maximum of 10 times and after that it would give you an error. I'm curious as to why you would want to download this file programmatically?

Hope this helps.

I have wasted my whole day in searching a way to log on on live.com from code. :( And there is no API for that. I need to make this certificate registration automatic if this is possible. I know that you have a limit of 10 certs for a subscription, but I don't know of some other way of doing this from code. After the 10th time it will just tell the user to login on the portal and delete some certificate, this is inevitable.

Answer 6

I was working with somebody a few days ago and they were trying to do something similar. Eventually they ended up implementing it via screen scraping. I tried to download the publish profile file using the same but unfortunately could not do so. It makes use of IE COM object in a C# code (instead of using WebClient or HttpWebRequest) I am including the code to automatically login using the live id below, though it is not complete. Would be interesting to see if you could take it forward and be able to download the file.

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Threading;
using SHDocVw;
using mshtml;
using System.Runtime.InteropServices;
using System.IO;

namespace DownloadPublishSettingFileProgrammatically
{
    class Program
    {
        static void Main(string[] args)
        {
            var ie = (new SHDocVw.InternetExplorer());
            object empty = 0;
            ie.Visible = false;
            ie.Navigate("https://windows.azure.com/download/publishprofile.aspx");
            
            while (true)
            {
                if (!ie.Busy)
                {
                    break;
                }
                System.Threading.Thread.Sleep(1000);
            }
            var doc = (HTMLDocument)ie.Document;

            var a = doc.getElementById("i0116");
            if (a != null)
            {
                ((HTMLInputElement)doc.getElementById("i0116")).value = "<your live id>";
                ((HTMLInputElement)doc.getElementById("i0118")).value = "<password>";
                ((HTMLInputElement)doc.getElementById("idSIButton9")).click();

                while (true)
                {
                    if (!ie.Busy)
                    {
                        break;
                    }
                    System.Threading.Thread.Sleep(1000);
                }
                doc = (HTMLDocument)ie.Document;
            }
 
            //When the page loads here, you get a prompt in IE to download the file. 
            //Not sure how to handle this!

            //This anchor element contains the link which I think can be used to download the file.
            //But again I'm stuck as to how to process this.
            var hyperLinkForPublishSettingFile = (HTMLAnchorElement)doc.getElementById("hyperlink1");
            if (hyperLinkForPublishSettingFile != null)
            {

                var urlToNavigateTo = hyperLinkForPublishSettingFile.href;
                ie.Navigate2(urlToNavigateTo);
                while (true)
                {
                    if (!ie.Busy)
                    {
                        break;
                    }
                    System.Threading.Thread.Sleep(1000);
                }
                var doc1 = ie.Document;
            }
        }

    }
}

Also, not related to this but I wrote a blog post a few days ago about how you can create your own publish setting file. However for this you would need to have at least one certificate present in the management certificates. Don't really know if this is going to be useful for you, but you can read the post here: http://gauravmantri.com/2012/09/14/about-windows-azure-publish-settings-file-and-how-to-create-your-own-publish-settings-file/

Hope this helps.

Answer 7

Thanks for the reply but we decided not to do this after all. I've read of such an ideas of using a hidden browser control. Great work.