This post is about the VS template project in the Windows Azure Toolkit for WP.
I succeeded in authenticating into the cloud service from the phone emulator using a self signed certificate. Here's the process :
CREATE SELF-SIGNED CERTIFICATE
- Open the VS prompt in admin mode and create a new self-signed certificate using the makecert command :
makecert -r -pe -n "CN=[yourservicename].cloudnet.app" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
- Open the VS prompt in admin mode and create a new self-signed certificate using the makecert command :
makecert -r -pe -n "CN=[yourservicename].cloudnet.app" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
Notice the [yourservicename].cloudnet.app certificate name : it's the same as your production cloud service host name. This is the only way I've found so far for the cert name to match the service host, which seems to be a requirement. That means, you need to deploy the service in production instead of staging, since in staging the host name will be generated at deploy time using a GUID which you don't know ahead of time and so you can't configure it into your service endpoints (as shown in the next steps).
- Open the MMC by typing mmc in the start menu. Then, click File -> Add/remove snap-ins -> Certificates -> Add -> OK
Look in the Personal/Certificates directory and find the [yourservicename].cloudnet.app.
Look in the Personal/Certificates directory and find the [yourservicename].cloudnet.app.
EXPORT & UPLOAD THE CERT
- Copy-paste the cert to 'Trusted Root Certification Authorities'/Certificates (so HTTP agents can trust the cert)
- Right-click the certificate and choose All Tasks -> Export to start the export wizard. Select "yes, export the private key", keep the default export file format, and provide a file name and path to export to.
- Log into the Azure Management Portal. Under your hosted service node, select "Certificates", click "Add certificate" to open the "Upload an X.509 certificate" dialog, select the exported file on your local machine and click OK to upload the cert to the cloud and associate it with your service role.
CONFIGURE AND PUBLISH CLOUD PROJECT
- In the Visual Studio WP7 cloud application template, open the properties page for the web role. Go to the Endpoints tab, and for the https endpoint, select the newly created certificate using the '...' list (give it a friendly name).
- Right click the cloud project and select 'Publish' to publish the service to the cloud
INSTALL CERT ON PHONE EMULATOR
In a new Visual Studio instance, open the W7CertInstaller project (if you haven't, download it from http://wp7certinstaller.codeplex.com)* Configure the WP7CertInstaller web app to run in IIS instead of the dev server
* Make the WP7CertInstallerExample phone app the startup project
* In MainPage.xaml.cs, change the CertificateUrl string to https://localhost/WP7CertInstaller/Certificate.p7b?findBy=FindByThumbprint&findValue=[your cert thumbprint](you get your cert thumbprint from the MMC or from the management portal by selecting the uploaded certificate)
- Without closing the emulator (otherwise the cert will be uninstalled), you can now run your WP7 cloud app from Visual Studio, and login or register from the phone emulator.
Note that instead of opening the wp7certinstaller project separately each, you can just host the wp7certinstaller web app locally once and for all and import the TrustedRootCertificateInstaller.cs class into your wp7 cloud app project so you can easily install the certificate in the emulator each time you need to.
Happy authenticating!