Setting Up Named Authentication Credentials

To publish an application to Windows Azure from Visual Studio or to monitor an existing cloud service, you must provide credentials that Visual Studio can use to authenticate requests to Windows Azure. In the Windows Azure Management Portal, this authentication process is handled transparently. However, when you use Visual Studio, you must explicitly authenticate your subscription. Two items of data are required for this explicit authentication:

• Your subscription ID

• A valid X.509 v3 certificate

Note
The length of the X.509 v3 certificate's key must be at least 2048 bits. Windows Azure will reject any certificate that doesn’t meet this requirement or that isn’t valid.

Visual Studio uses your subscription ID together with the certificate data as credentials. The appropriate credentials are referenced in the .publishsettings file, which is specific to a subscription and contains a public key for the certificate. The .publishsettings file is created and downloaded to your computer in the following situations:

• When you publish an application from Visual Studio for the first time.

• When you configure the Windows Azure Compute node in Server Explorer to monitor a cloud service for the first time.

You can edit the subscription information from the New/Edit Subscription dialog box, as explained later in this topic.

When you request a .publishsettings file, the management portal generates a single new certificate. The portal then generates the .publishsettings file, which contains the public key of the certificate, the subscription information, and the service-management URL for Windows Azure or your Windows Azure appliance. When you import the .publishsettings file into Visual Studio, the certificate is extracted and installed in the local certificate store. A different certificate is generated every time that you request a .publishsettings file.

However, you might want to create the certificate yourself if, for example, you don’t want a different certificate to be created whenever you request a .publishsettings file. If you would prefer to create a certificate yourself, you can refer to the instructions later in this topic and then manually upload the certificate to the management portal.

Note
These credentials that Visual Studio requires to manage your cloud services aren’t the same credentials that are required to authenticate a request against the Windows Azure storage services.

Modify or Export Authentication Credentials in Visual Studio

You can also set up, modify, or export your authentication credentials in the New/Edit Subscription dialog box, which appears if you perform either of the following actions:

• Use Server Explorer to add a deployment environment to the Windows Azure Compute node. You add a deployment environment by opening the shortcut menu on the Windows Azure Compute node, and selecting Add Deployment Environment. On the Add Deployment Environment dialog box, choose the Manage button, then choose the New button to create new credentials, or select a set of named credentials and choose the Edit button to change them.

• Publish a Windows Azure application from the Publish Windows Azure Project wizard by choosing Manage in the Choose your Subscription list.

The following procedure assumes that the New/Edit Subscription dialog box is open.

To set up authentication credentials in Visual Studio

1. In the Select an existing certificate for authentication list, choose a certificate.

2. Choose the Copy the full path button.

   The path for the certificate (.cer file) is copied to the Clipboard.

   Important
   To publish your Windows Azure application from Visual Studio, you must upload this certificate to the Management Portal.