Setting Up Named Authentication Credentials

To publish an application to Windows Azure from Visual Studio or to monitor an existing cloud service, you must provide credentials that Visual Studio can use to authenticate requests to Windows Azure. In the Windows Azure Management Portal, this authentication process is handled transparently. However, when you use Visual Studio, you must explicitly authenticate your subscription. Two items of data are required for this explicit authentication:

• Your subscription ID
  
  
• A valid X.509 v3 certificate
  
  

Note
The length of the X.509 v3 certificate's key must be at least 2048 bits. Windows Azure will reject any certificate that doesn’t meet this requirement or that isn’t valid.

Visual Studio uses your subscription ID together with the certificate data as credentials. The appropriate credentials are referenced in the .publishsettings file, which is specific to a subscription and contains a public key for the certificate. The .publishsettings file is created and downloaded to your computer in the following situations:

• When you publish an application from Visual Studio for the first time.
  
  
• When you configure the Windows Azure Compute node in Server Explorer to monitor a cloud service for the first time.
  
  

You can edit the subscription information from the New/Edit Subscription dialog box, as explained later in this topic.

When you request a .publishsettings file, the management portal generates a single new certificate. The portal then generates the .publishsettings file, which contains the public key of the certificate, the subscription information, and the service-management URL for Windows Azure or your Windows Azure appliance. When you import the .publishsettings file into Visual Studio, the certificate is extracted and installed in the local certificate store. A different certificate is generated every time that you request a .publishsettings file.

However, you might want to create the certificate yourself if, for example, you don’t want a different certificate to be created whenever you request a .publishsettings file. If you would prefer to create a certificate yourself, you can refer to the instructions later in this topic and then manually upload the certificate to the management portal.

Note
These credentials that Visual Studio requires to manage your cloud services aren’t the same credentials that are required to authenticate a request against the Windows Azure storage services.

Modify or Export Authentication Credentials in Visual Studio

You can also set up, modify, or export your authentication credentials in the New/Edit Subscription dialog box, which appears if you perform either of the following actions:

• Use Server Explorer to add a deployment environment to the Windows Azure Compute node. You add a deployment environment by opening the shortcut menu on the Windows Azure Compute node, and selecting Add Deployment Environment. On the Add Deployment Environment dialog box, choose the Manage button, then choose the New button to create new credentials, or select a set of named credentials and choose the Edit button to change them.
  
  
• Publish a Windows Azure application from the Publish Windows Azure Project wizard by choosing Manage in the Choose your Subscription list.
  
  

The following procedure assumes that the New/Edit Subscription dialog box is open.

To set up authentication credentials in Visual Studio

1. In the Select an existing certificate for authentication list, choose a certificate.

2. Choose the Copy the full path button.

   The path for the certificate (.cer file) is copied to the Clipboard.

   Important
   To publish your Windows Azure application from Visual Studio, you must upload this certificate to the Management Portal.

3. To upload the certificate to the current version of the Management Portal

   1. Choose the Windows Azure Portal link.

      The Management Portal opens.

   2. Sign in to the Management Portal by using your Microsoft account, and then choose the Cloud Services button.

   3. Choose the cloud service that interests you.

      The page for that service opens.

   4. On the Certificates tab, choose the Upload button.

   5. Paste the full path of the .cer file that you just created, and then enter the password that you specified.

4. To upload the certificate to the previous version of the Management Portal

   1. Choose the Windows Azure Portal link, and then sign in to the portal by using your Microsoft account.

      The current version of the Management Portal appears.

   2. In the top-right corner of the portal screen, choose your avatar, and then choose the Previous portal link.

      The previous version of the Management Portal appears.

   3. To view existing certificates in the Management Portal, choose the Hosted Services, Storage Accounts & CDN button, and then choose the Management Certificates button.

   4. To add the new certificate, choose the Add certificate button.

      The Add new management certificate dialog box appears.

   5. In the Choose a subscription list, choose the name of your subscription.

   6. Choose the Browse button.

      The Open dialog box appears.

   7. In the File name text box, paste the path for the certificate that you created, and then choose the Open button.

      The certificate name appears.

   8. Choose the Done button to add this certificate to the Management Portal.

      Important
      The certificate's public key file contains only the public key. If you want to use the certificate on other computers, you must export the key by using Certificate Manager. To launch Certificate Manager, open the Start menu, choose Run, enter certmgr.msc, and then choose the OK button.

   9. Copy the subscription ID, and then paste it in the Copy the subscription ID for your account for your subscription from the Windows Azure Portal text box.

   10. In Name these credentials, enter a name, and then choose the OK button.

       You can now use these credentials to publish any of your Windows Azure applications or monitor any of your cloud services. For more information, see Publishing a Cloud Service using the Windows Azure Tools and Viewing the State of a Cloud Service using Server Explorer.