client certificate authentication for Azure End Point

  • Question

  • Hello...

    I need to receive messages from a client that can only support HTTP POST with client certificate authentication.

    My question is: what is the best option to implement that?

    - Exposing a simple aspx page in Azure with SSL. I have seen a sample on having an SSL endpoint in Azure, but the challenge here is how to set up client certificate authentication?

    - Exposing a WCF REST service. But I don't know what to configure for client certificate authentication. Again, how to set up client certificate authentication?

    Is there any sample on how to do this?

    Thanks

    Friday, November 19, 2010 9:47 AM

Answers

  • Hi,

    The solutions you listed require IIS client certificate authentication, which requires client certificate mapping. Unfortunately it cannot be done on Windows Azure currently because the iisClientCertificateMappingAuthentication section cannot be overridden at this moment and we're not allowed to modify applicationHost.config. Besides, we can hardly map a certificate to a specific user on the VM.

    My suggestion for the requirement is, you don't need to leverage IIS client certificate authentication (to be honest I seldom use it as it's difficult to extend). Instead, you can use HTTPS and let the client post the Base64-encoded certificate along with other data. At the server side (ASP.NET or WCF REST service) you can manually check the posted data to do authentication. Since your requirement is only supporting POST, my guess is your client is not a browser, so this solution should work for you.

    Please let me know whether my suggestion can help to resolve this issue.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    Monday, November 22, 2010 8:25 AM
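
One way to do the manual server-side check described in the answer above, as an added example that is not part of the original thread. Because a certificate is public data, the sketch assumes the client also posts a signature over the body; the names `PostedCertAuth`, `IsAuthentic`, `certB64` and `sigB64` are hypothetical, and it assumes .NET Framework 4.7.2 or later (or .NET Core 2.0 or later) with an RSA client key.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
static class PostedCertAuth
{
    // Hypothetical helper: certB64 and sigB64 are assumed POST fields, body is the signed payload.
    public static bool IsAuthentic(string certB64, string sigB64, byte[] body,
                                   ISet<string> pinnedThumbprints, DateTime nowUtc)
    {
        try
        {
            using (var cert = new X509Certificate2(Convert.FromBase64String(certB64)))
            {
                // Accept only certificates registered out of band.
                if (!pinnedThumbprints.Contains(cert.Thumbprint)) return false;
                if (nowUtc < cert.NotBefore.ToUniversalTime() ||
                    nowUtc > cert.NotAfter.ToUniversalTime()) return false;
                // The certificate is public; the signature proves the sender holds its private key.
                using (RSA pub = cert.GetRSAPublicKey())
                    return pub != null && pub.VerifyData(body, Convert.FromBase64String(sigB64),
                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        // Malformed Base64, or bytes that are not a parsable certificate.
        catch (Exception e) when (e is FormatException || e is CryptographicException) { return false; }
    }
    static void Main()
    {
        // Constructed sample: a throwaway self-signed client certificate and payload.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                                   DateTimeOffset.UtcNow.AddDays(30)))
            {
                string certB64 = Convert.ToBase64String(cert.Export(X509ContentType.Cert));
                byte[] body = Encoding.UTF8.GetBytes("message=hello");
                string sig = Convert.ToBase64String(key.SignData(body, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
                var pinned = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { cert.Thumbprint };
                DateTime now = DateTime.UtcNow;
                Console.WriteLine(IsAuthentic(certB64, sig, body, pinned, now));     // body signed by the key holder
                Console.WriteLine(IsAuthentic(certB64, certB64, body, pinned, now)); // certificate posted without a valid signature
                Console.WriteLine(IsAuthentic(certB64, sig, body, new HashSet<string>(), now)); // certificate not pinned
            }
        }
    }
}
```

The signed body should also carry a timestamp or nonce that the server checks, so that a captured request cannot be resubmitted.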

All replies

  • I remember Allan Chen having done a really helpful post around the same problem. Please refer to it here: http://social.msdn.microsoft.com/Forums/en-US/windowsazuredevelopment/thread/f2e3a78b-bc8d-4ae8-9193-28f7941ba3da .

    http://geekswithblogs.net/IUnknown
    Saturday, November 20, 2010 8:37 PM