Installing Identity Server
Applies To: Windows Azure Pack
There are multiple steps to installing thinktecture Identity Server for use with Windows Azure Pack.
To Install Identity Server for Use with Windows Azure Pack.
Using the project created in Preparing the Identity Server Source Code Project, copy the published code to the location the website will run from. Typically this will be under \inetpub on a Windows Server 2012 computer running IIS. For example, c:\inetpub\IdSrv.
Identity Server stores configuration database files in the website folder App_Data. To add permissions for the App_Data folder, perform the following steps:
To Add Permission to the Website App_Data Folder
Locate the folder App_Data in the location you copied the published website to in the previous step. For example, c:\inetpub\IdSrv\App_Data.
Right-click the folder, select the Properties menu option and select the Security tab.
Add NETWORK SERVICE to the list of groups and users and grant it the Modify permission.
Perform the following steps to create a new Application Pool:
To Create a New Application Pool
Open Internet Information Services (IIS) Manager and select the desired server. Then right-click Application Pools and select the Add Application Pool… link on the right.
In the Add Application Pool dialog box add an Application Pool name of your choosing and leave the other values alone.
Click OK to create the application pool.
In IIS Manager, right-click the newly created pool in the Application Pools list and select Advanced Settings.
In the Advanced Settings dialog box in the Process Model section, change the identity for the pool to NetworkService.
Click OK to finish creating the application pool.
A self-signed certificate is required. Perform the following steps to create it.
To Create a Self-Signed Certificate
Open IIS Manager, select the server name and double-click Server Certificates from the center pane.
In the Actions pane, select Create Self-Signed Certificate.
In the Create Self-Signed Certificate dialog box specify a friendly name for the certificate. For example, IdServCert. Leave the certificate store as Personal.
Click OK to create the self-signed certificate.
To allow access to the private key, perform the following steps.
To Allow Access to the Private Key
Start the Command Prompt and type mmc to start the Microsoft Management Console.
Select the File menu option and select Add or Remove Snap-in.
In the Add or Remove Snap-ins dialog box, select Certificates from the Available snap-ins: list and then click the Add button. The Certificates snap-in dialog box will be displayed.
In the Certificates snap-in dialog box, select Computer account and then click the Next button.
Select Local computer and then click the Finish button.
Click OK to close the Add or Remove Snap-ins dialog box.
In the mmc console select Certificates (Local Computer), Personal and then Certificates.
In the center pane, right-click the newly created certificate, select All Tasks and then Manage Private Keys. The permissions for certificate private keys dialog box will be displayed.
In the permissions dialog box, add NETWORK SERVICE to the Group or user names: section and give it Read permission in the Permissions for NETWORK SERVICE section.
Click OK to close the Permissions dialog box.
Click OK to close the Microsoft Management Console.
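The two permission procedures above (Modify on App_Data and Read on the certificate's private key) can also be scripted and then checked for over-granting. The following is an added example, not part of the original procedure; it uses the page's example path and friendly name, and it assumes the private key is CSP-backed so that its file sits under MachineKeys.

```powershell
# Added example, not from the original page. Run in an elevated Windows PowerShell session.
$appData  = 'C:\inetpub\IdSrv\App_Data'   # example path used on the page
$certName = 'IdServCert'                  # example friendly name used on the page
$sid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-20')  # NETWORK SERVICE
$sync = [int][System.Security.AccessControl.FileSystemRights]::Synchronize

function Grant-Right([string]$Path, [System.Security.AccessControl.FileSystemRights]$Rights,
                     [System.Security.AccessControl.InheritanceFlags]$Inherit) {
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $Inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Compares the Allow entries that name NETWORK SERVICE directly against the expected
# right. Access it also gets through groups such as Users is not evaluated here.
function Test-DirectGrant([string]$Path, [System.Security.AccessControl.FileSystemRights]$Expected) {
    $granted = 0
    foreach ($r in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sid.GetType())) {
        if ($r.IdentityReference -eq $sid -and $r.AccessControlType -eq 'Allow') {
            $granted = $granted -bor [int]$r.FileSystemRights
        }
    }
    New-Object PSObject -Property @{
        Path    = $Path
        Missing = ($granted -band [int]$Expected) -ne [int]$Expected
        Excess  = ($granted -band (-bnot ([int]$Expected -bor $sync))) -ne 0
    }
}

Grant-Right $appData 'Modify' 'ContainerInherit, ObjectInherit'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $certName } | Select-Object -First 1
if (-not $cert) { throw "No certificate named '$certName' in LocalMachine\My" }
# Assumption: the key is CSP-backed, so its file lives under MachineKeys.
$keyFile = Join-Path $env:ProgramData ('Microsoft\Crypto\RSA\MachineKeys\' +
    $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName)
if (-not (Test-Path $keyFile -PathType Leaf)) { throw "Private key file not found: $keyFile" }
Grant-Right $keyFile 'Read' 'None'

Test-DirectGrant $appData 'Modify'
Test-DirectGrant $keyFile 'Read'
```

A row with Excess set to True means NETWORK SERVICE has been directly granted more than the procedure calls for, for example Full Control on the private key.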
The final step is to create the Identity Server website.
To Create the Identity Server Website
Open IIS Manager, select the host computer in the left pane, right-click the Sites folder and select Add Website.
In the Add Website dialog box, enter the values for the Site name, Application Pool (created earlier in these steps) and the Physical Path to the Identity Server code (created earlier in these steps).
Change the binding Type to https and select an available Port.
In SSL certificate select the newly created certificate.
Click OK to create the site.