0

I need to write a web service and host it in Azure. This service in turn consumes another service from an external site. Therefore, my Azure-hosted service is a client to this externally-hosted service. When I make a request of the other service, I need to include a client-side certificate in my request.

Has anybody successfully done this? Is it possible to install a certificate in a web instance in Azure? Would it survive the instance restarting? If so, pointers would be appreciated.

I have never worked with client-side certificates (even on a "real" client) so please forgive me if this is a newbie question.

CoderJoe

2 Answers

0

The certificates that are uploaded in the cloud service (see the certificates tab under that cloud service in the Azure portal), which will host your web role, will be available in the VM of that web role. So you can access it from the certificate store and use it while making the external web service call. A sample is given in this Stack Overflow post: "Accessing a web service and a HTTP interface using certificate authentication".

Community
Aravind
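The certificate-store approach described in the answer above, as an added example that is not part of the original answer: it looks the certificate up by thumbprint, checks that it is usable for client authentication, and attaches it to the outgoing request. The thumbprint and URL are placeholders, and the `LocalMachine\My` store and the class and method names are assumptions; use the store location and name configured for the certificate in your cloud service.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertCall
{
    // Placeholder: thumbprint of the certificate uploaded to the cloud service.
    private const string Thumbprint = "<THUMBPRINT-OF-UPLOADED-CERT>";
    // Placeholder: endpoint of the external service.
    private const string ServiceUrl = "https://partner.example/api/status";

    public static X509Certificate2 LoadFromMachineStore(string thumbprint)
    {
        // Thumbprints copied from a certificate dialog often contain spaces.
        string clean = thumbprint.Replace(" ", "").ToUpperInvariant();

        // Assumption: the certificate was deployed to LocalMachine\My.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: find the certificate even if its chain is not
            // trusted on this VM; the checks below decide whether it is usable.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, clean, false);
            if (matches.Count == 0)
                throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");

            X509Certificate2 cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key, so it cannot authenticate a client.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            return cert;
        }
        finally { store.Close(); }
    }

    public static string CallService()
    {
        var request = (HttpWebRequest)WebRequest.Create(ServiceUrl);
        // The certificate is presented during the TLS handshake if the server asks for one.
        request.ClientCertificates.Add(LoadFromMachineStore(Thumbprint));
        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
            return reader.ReadToEnd();
    }
}
```

The account the role runs under also needs read access to the certificate's private key, otherwise the handshake fails even though the lookup succeeds.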
0

You can either add the certificate via the Azure management portal, and Azure will add it to the machine certificate store once it deploys your application on the VM, or you can keep it with your application, for example as an embedded resource, and load it manually and use it with your web service call. Like this:

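    using System;
    using System.IO;
    using System.Reflection;
    using System.Security.Cryptography.X509Certificates;

    // certificateFilename is a field of the containing class that holds the
    // file name of the embedded certificate resource.
    private X509Certificate2 GetAuthCertificate()
    {
        var assembly = Assembly.GetExecutingAssembly();
        Stream stream = null;

        // Embedded resource names are prefixed with a namespace,
        // so match on the file name suffix.
        foreach (var resource in assembly.GetManifestResourceNames())
        {
            if (resource.EndsWith(certificateFilename))
            {
                stream = assembly.GetManifestResourceStream(resource);
                break;
            }
        }

        if (stream == null)
            throw new Exception("Certificate not found in embedded resources");

        // Dispose the resource stream as well as the buffer once the bytes are copied.
        using (stream)
        using (var ms = new MemoryStream())
        {
            stream.CopyTo(ms);

            // The second argument is the PFX password; here it is hard-coded in the source.
            return new X509Certificate2(ms.ToArray(), "password", X509KeyStorageFlags.Exportable);
        }
    }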
rouen