Whilst expanding one's knowledge of Windows Azure, one will eventually end up dealing with authentication and authorization using Windows Identity Foundation. Windows Identity Foundation (WIF) is a Microsoft technology that offers APIs that ASP.NET and WCF developers can use to build claims-aware and federation-capable applications.
Microsoft has released the identity developer training kit to get you started on WIF. My con-colleague Patriek van Dorp also recommends reading Programming Windows Identity Foundation to get a firm grasp on all the facets of building claims-based applications. Of course I ordered the book and started on the training kit, but whilst getting my Identity Groove on I immediately ran into trouble setting up certificates for my lab: WindowsAzureAndPassiveFederation.
To keep the story short: I forgot to run the SetupCmd. Why? I had so many problems with the Azure training kit not running properly when setting up labs that I automatically run in do-it-yourself mode.
For those still reading: doing it yourself can be quite educational, as you'll get into the whole certificate registration hell process. The training kit uses CAPICOM, MakeCert and pvk2pfx to set up certificates on your machines to enable trust relations between the various components in your solution. For me, making a certificate was not that hard, seeing that the command was readily available in the setup scripts. But because I didn't have CAPICOM installed, I was not sure how to install the certificates correctly.
The certificate you need to have installed in the Windows Azure Web Role comes from the LocalMachine location. Unknown to me was that the certificate I installed in the store didn't contain a private key (I uploaded the .CER file; I should have uploaded the .PFX file). I wanted to remove the file but was not sure as to the command I was supposed to use to remove it from my LocalMachine location store. After some looking around I found the answer to viewing the certificates on my local machine; the thing to remember is to select the local computer. From this screen it's easy to view your certificates, but also to delete and import new ones.
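
The same check can be scripted instead of done through the certificates screen. The PowerShell below is an added example, not part of the training kit or the original post: it lists certificates in the local machine store, shows which ones lack a private key, and checks whether a file is a .CER or a .PFX. The `My` (Personal) store, the subject filter and the file name are assumptions and placeholders.

```powershell
# Added example. Run from an elevated PowerShell session.
# The subject filter, file name and 'My' store are placeholders/assumptions.
param(
    [string]$SubjectFilter = 'placeholder-lab-cert',
    [string]$CandidateFile = '.\placeholder-lab-cert.pfx',
    [string]$Store         = 'Cert:\LocalMachine\My'
)

# List matching certificates and whether the store holds their private key.
function Get-StoreCertReport {
    param([string]$StorePath, [string]$Filter)
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like "*$Filter*" } |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

# Report the container type of a certificate file (Cert, Pfx, Pkcs7, ...).
function Get-CertFileKind {
    param([string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).Path
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($full)
}

$report = @(Get-StoreCertReport -StorePath $Store -Filter $SubjectFilter)
$report | Format-Table -AutoSize

# A certificate imported from a .CER file shows HasPrivateKey = False.
foreach ($cert in ($report | Where-Object { -not $_.HasPrivateKey })) {
    Write-Warning "No private key in store for $($cert.Subject)"
    # -WhatIf only shows what would be deleted; remove it to delete for real.
    Remove-Item -Path "$Store\$($cert.Thumbprint)" -WhatIf
}

# Check the file before uploading or importing it.
if (Test-Path -LiteralPath $CandidateFile) {
    $kind = Get-CertFileKind -Path $CandidateFile
    if ($kind -eq 'Pfx') {
        Write-Output "$CandidateFile is a PFX/PKCS#12 container and can carry the private key."
    } else {
        Write-Warning "$CandidateFile is of type '$kind' and holds no private key."
    }
} else {
    Write-Warning "File not found: $CandidateFile"
}
```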