
Making your Azure REST WCF Service work via HTTPS

12 Jan 2015 · CPOL · 3 min read
You need to change your default HTTP protocol to HTTPS in your Azure WebService. This article explains how to do it.

Introduction

You created your Azure WCF RESTful service, uploaded it to Azure, tested it, and you're ready for production, but you don't want to work over the open HTTP protocol and want a secure HTTPS connection. I thought the change would be pretty simple: change the binding from webHttpBinding to something like webHTTPSBinding. But the reality is a little bit different. To make my RESTful service work over HTTPS I had to play with it a little bit, read dozens of different articles and compile something that finally worked for me. Below is my version of how to change the default HTTP protocol configured in an Azure service to HTTPS.

Steps

  1. We need to create a certificate. We can either use a third-party vendor that provides certificates or create one ourselves using Windows tools. I chose the second option. To do this, run the development console from the VS tools. NOTE: the command prompt must be run as administrator.
  2. Once the console is open, run the following command to create the certificate:

    makecert -r -pe -n CN=ispeakSSLCert -sky signature ispeakSSLCert.cer -sv ispeakSSLCert.pvk

In this command, ispeakSSLCert is the name I chose for the certificate. It correlates with my cloud application name: ispeak

Image 1

When the command runs, it creates the certificate and asks you for a password for the key:

Image 2

It then verifies the password:

Image 3

When everything is done, you'll see "succeeded" in the console:

Image 4

  3. Next, we create the .pfx file, which is the actual store for the certificate. To do this, run the next command, using the password from the step above:

    pvk2pfx -pvk ispeakSSLCert.pvk -spc ispeakSSLCert.cer -pfx ispeakSSLCert.pfx -pi the-password-you-used

Image 5

If you don't see any errors at this step, it succeeded.

  4. Next, open C:\Windows\SysWOW64 (if you’re using 64-bit Windows 8) or C:\Windows\System32 (if you’re using 32-bit Windows 8), and you’ll see the files:

Image 6

  5. Now let's install the certificate on the local system by double-clicking the .cer file:

Image 7
Image 8

Image 9
Image 10

Image 11
Image 12



 

  6. You can run certmgr.msc to open the certificate management application, where you can see your certificate.
  7. Next, in Visual Studio, navigate to the web role properties:

Image 13

 

  8. In the properties window, open Certificates and press "Add Certificate":

Image 14




 

  9. Give the certificate a name, select “Local Machine” for the store location, select “My” for the store name, and click “…” in the thumbprint field to select the certificate we’ve created from the list:

Image 15

Image 16




 

  10. After the certificate is added, we also need to add an HTTPS endpoint, as shown in the screenshot below:


Image 17




 

  11. After all of this is configured, make sure that your ServiceConfiguration.Local and ServiceConfiguration.Cloud files contain a Certificates section, as shown below for my example:

    <Certificates>
      <Certificate name="iSpeakCerfificate" thumbprint="7631B8220A6A7C4BE63A752F0FE59F00A5E61030" thumbprintAlgorithm="sha1" />
    </Certificates>

  12. You should also check the service definition file for its Certificates section:

    <Certificates>
      <Certificate name="iSpeakCerfificate" storeLocation="LocalMachine" storeName="My" />
    </Certificates>

  13. Now the most important part: make sure your binding contains <security mode="Transport" />
  14. That's it. After all of this was done, I was able to run my service via HTTPS and HTTP with 2 endpoints at the same time:

Image 18

Image 19

 

At the moment both my endpoints are opened using the same binding, and because of this the HTTP one doesn't work, due to the changes in security mode. I've removed the HTTP binding from my solution altogether and work only via HTTPS.
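
A web.config fragment showing where the <security mode="Transport" /> element sits for a REST endpoint, as an added example that is not taken from the original article. The service, contract, binding and behavior names are hypothetical placeholders. Because the only endpoint uses a binding with Transport security, it is reachable over HTTPS only, which matches the HTTPS-only setup described above.

```xml
<!-- web.config fragment (added example, not the author's file).
     MyCloudApp.RestService, MyCloudApp.IRestService and the binding and
     behavior names are hypothetical placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <!-- Transport security: endpoints using this binding require HTTPS. -->
        <binding name="restHttpsBinding">
          <security mode="Transport" />
        </binding>
      </webHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <!-- webHttp enables the REST programming model on the endpoint. -->
        <behavior name="restBehavior">
          <webHttp />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="restServiceBehavior">
          <!-- Expose metadata over HTTPS only and keep exception details
               out of fault messages returned to clients. -->
          <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="MyCloudApp.RestService"
               behaviorConfiguration="restServiceBehavior">
        <!-- Single endpoint bound to the Transport-secured binding;
             no plain-HTTP endpoint is declared. -->
        <endpoint address=""
                  binding="webHttpBinding"
                  bindingConfiguration="restHttpsBinding"
                  behaviorConfiguration="restBehavior"
                  contract="MyCloudApp.IRestService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```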

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)