Exercise 2: Creating the Azure WCF Service
Task 1 – Configuring the WCF Service
In this task, you will create the WCF service and host it on Azure.
- Browse to the Before folder of the Lab.
- Open the solution SPToWinAzureUsingCerts.sln
Right-click the SalaryServiceWebRole under Roles, and click Properties. Then, click the Certificates tab on the left
- Click Add Certificate.
- Type ServerCertificate as the name of the certificate. Leave Store Location at its default, LocalMachine, and Store Name at My.
Click the Thumbprint button to bring up the Certificate list. Select the Server Certificate and click OK.
Figure 19
Windows Security – Certificate List
Similarly, add another certificate, CA (for certificate authority), and choose the signing authority certificate (Ex: azurehol2011_ca).
Figure 20
Windows Security – Certificate List
The Certificate section should now look as follows:
Figure 21
Certificate Section
- Click Endpoints on the left tab
Set the following attributes for the EndPoint.
Type: Input
Protocol: https
Public Port: 443
SSL Certificate Name: ServerCertificate
Figure 22
EndPoint fields
- Save the project.
- Open the Startup.cmd file.
Replace [THUMBPRINT] with the thumbprint of your signing authority certificate.
Figure 23
Startup.cmd file
Since the signing certificate is self-signed, it must be installed in the Root certificate store of the Azure Hosted Service. The configuration options do not support this (as a security measure), so it must be done using a Startup task. The Startup task must also unlock the SSL configuration section of Web.config. This step specifies a Startup task that runs Startup.cmd with elevated privileges.
After the changes, the Startup.cmd will look as follows:
Figure 24
Startup.cmd file
Open the Servicedefinition.csdef file, and add the following XML element to the TODO: 5.8.1 section.
<Startup>
  <Task commandLine="Startup.cmd" executionContext="elevated" taskType="simple">
  </Task>
</Startup>
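Before publishing, the settings from this task can be checked directly in the service definition. The following Python script is an added example, not part of the lab's code: it parses a csdef and reports any input endpoint that is not https on 443 with a declared LocalMachine/My certificate, and any web role missing the elevated Startup.cmd task. The embedded sample file, its service name and its endpoint name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Azure cloud service definition (.csdef) files.
NS = {"sd": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition"}

# Constructed sample in the shape this task produces; the service name, the
# endpoint name and the CA entry's store are assumptions, not the lab's file.
SAMPLE_CSDEF = """<ServiceDefinition name="SampleService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="SalaryServiceWebRole">
    <Startup>
      <Task commandLine="Startup.cmd" executionContext="elevated" taskType="simple" />
    </Startup>
    <Endpoints>
      <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="ServerCertificate" />
    </Endpoints>
    <Certificates>
      <Certificate name="ServerCertificate" storeLocation="LocalMachine" storeName="My" />
      <Certificate name="CA" storeLocation="LocalMachine" storeName="My" />
    </Certificates>
  </WebRole>
</ServiceDefinition>"""

def audit_csdef(xml_text):
    """Return findings for each web role; an empty list means it matches the task."""
    roles = ET.fromstring(xml_text).findall("sd:WebRole", NS)
    findings = [] if roles else ["no WebRole element found"]
    for role in roles:
        name = role.get("name")
        certs = {c.get("name"): c for c in role.findall("sd:Certificates/sd:Certificate", NS)}
        endpoints = role.findall("sd:Endpoints/sd:InputEndpoint", NS)
        if not endpoints:
            findings.append(f"{name}: no input endpoint defined")
        for ep in endpoints:
            label = f"{name}/{ep.get('name')}"
            if ep.get("protocol") != "https":  # no TLS means no certificate exchange at all
                findings.append(f"{label}: protocol is {ep.get('protocol')}, not https")
                continue
            if ep.get("port") != "443":
                findings.append(f"{label}: public port is {ep.get('port')}, not 443")
            cert = certs.get(ep.get("certificate"))
            if cert is None:
                findings.append(f"{label}: SSL certificate {ep.get('certificate')!r} is not declared")
            elif (cert.get("storeLocation"), cert.get("storeName")) != ("LocalMachine", "My"):
                findings.append(f"{label}: SSL certificate is not in LocalMachine/My")
        # The self-signed CA only reaches the Root store via the elevated startup task.
        tasks = role.findall("sd:Startup/sd:Task", NS)
        if not any(t.get("commandLine") == "Startup.cmd"
                   and t.get("executionContext") == "elevated" for t in tasks):
            findings.append(f"{name}: no elevated Startup.cmd task")
    return findings
```

Calling audit_csdef on the text of your own Servicedefinition.csdef returns an empty list when the endpoint, certificate and Startup settings match the ones entered above.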
- Save, Publish and Deploy (Production Deployment) the solution to the hosted service that you created earlier in Exercise 1 (Ex: AzureHolUsingCerts.CloudApp.net)
The hosted service should now look as follows:
Task 2 – Testing the Service
- On the development machine, open a new instance of the Internet Explorer browser and navigate to your service URL. Note: You must use https (Ex: https://azureholusingcerts.cloudapp.net/salaryservice.svc).
Since your development machine has the client certificate installed in the Personal certificate store, the browser prompts you to confirm the certificate. (Note: Because a self-signed certificate is used, you see this Windows Security message. When a certificate issued by an authority is used, you will not see this message.)
Figure 26
Windows Security Pop-up
- Select the Client Certificate and click OK.
You should be able to see the service details
Figure 27
Service details
Now, try to access the same service from a different machine, where the certificate is not installed. You will notice that the browser shows a server error and access to the service is denied.
Figure 28
Access is denied error
To enable access to this service from machines that do not have access to it, distribute the client certificate and install it on the end-user machine. All end-user machines requiring access to the service should have the client certificate installed in their personal certificate store.
- To test the AdjustSalary method from the machine that has the client certificate, open the browser window and navigate to: https://[Your URL Prefix].cloudapp.net/salaryservice.svc/adjustedsalary?a=1000&b=7
Note: Replace [Your URL Prefix] with the URL prefix of your hosted service.
Example: https://azureholusingcerts.cloudapp.net/salaryservice.svc/adjustedsalary?a=1000&b=7
- Save/download the resulting file (JSON output) as adjustedSalary.txt to your local machine. Open the text file. The text file contains the result of the calculation.