0

我想使用 Windows Azure 管理 API 以编程方式扩展我的 web 服务。首先,我尝试获得我的管理证书。

我使用 makecert.exe 创建了一个新的自签名证书。它在这里描述。

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

然后我将我的证书上传到我的天蓝色订阅(这种方式)。我真的在新的和以前的管理门户中看到了我上传的证书。

现在我将以下代码添加到我的网络服务中

private X509Certificate2 GetX509Certificate2()
    {

        // The thumbprint value of the management certificate.
        // You must replace the string with the thumbprint of a 
        // management certificate associated with your subscription.
        string certThumbprint = "mythumprint...";

        // Create a reference to the My certificate store.
        X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

        // Try to open the store.
        try
        {
            certStore.Open(OpenFlags.ReadOnly);
        }
        catch (Exception e)
        {
            if (e is CryptographicException)
            {
                Console.WriteLine("Error: The store is unreadable.");
                debugTable.persist("Error: The store is unreadable.");
            }
            else if (e is SecurityException)
            {
                Console.WriteLine("Error: You don't have the required permission.");
                debugTable.persist("Error: You don't have the required permission.");
            }
            else if (e is ArgumentException)
            {
                Console.WriteLine("Error: Invalid values in the store.");
                debugTable.persist("Error: Invalid values in the store.");
            }
            else
            {
                debugTable.persist("Something got wrong with certificate");
                return null;
            }
        }

        // Find the certificate that matches the thumbprint.
        X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certThumbprint, false);
        certStore.Close();

        // Check to see if our certificate was added to the collection. If no, throw an error, if yes, create a certificate using it.
        if (0 == certCollection.Count)
        {
            Console.WriteLine("Error: No certificate found containing thumbprint " + certThumbprint);
            debugTable.persist("Error: No certificate found containing thumbprint " + certThumbprint);
            return null;
        }

        debugTable.persist("found cert");
        // Create an X509Certificate2 object using our matching certificate.
        X509Certificate2 certificate = certCollection[0];
        return certificate;
    }

debugtable.persists() 方法将调试消息写入表存储。最后我只在我的表中找到这些条目:

"Error: No certificate found containing thumbprint " + certThumbprint

那么我的代码有什么问题?

4

1 回答 1

4

因此,您在门户中上传了您的证书。这意味着证书可用于对服务管理 API 进行身份验证。

现在,如果您想从托管在 Web/Worker 角色中的 WCF 服务/Web 服务中使用此证书,您还需要在云服务中上传该证书:

在此处输入图像描述

然后,您需要打开 Web/Worker 角色的设置,并通过指定位置、商店名称和指纹在此处添加新证书:

在此处输入图像描述

如果您重新部署应用程序,则证书将可用并且您的 WCF 服务将能够使用它(如果该服务有足够的权限来访问它)。

于 2013-01-04T09:32:21.337 回答