My Azure Web Role (Cloud Services, not WebApp) needs to support Client certificates.
I've found that I can change the config of the website via included WebRole.cs snippet. When deployed, the Client Certificate setting in IIS is changed (when I remote to the servers), but it is not working and I get authorization errors. However, if I manually in the IIS manager click off/on the Require SSL cert and "Apply Changes", everything seems to work. Webrole is running in the ELEVATED mode. What am I missing?
public override bool OnStart()
{
try
{
using (var server = new ServerManager())
{
const string siteNameFromServiceModel = "Web"; // TODO: update this site name for your site.
var siteName = string.Format("{0}_{1}", RoleEnvironment.CurrentRoleInstance.Id, siteNameFromServiceModel);
var config = server.GetApplicationHostConfiguration();
var accessSection = config.GetSection("system.webServer/security/access", siteName);
accessSection["sslFlags"] = @"Ssl,SslRequireCert";
server.CommitChanges();
}
}
catch (Exception ex)
{
// handle error here
}
return base.OnStart();
}
Appears that I needed to have plased SslNegotiateCert setting in as well, like so:
accessSection["sslFlags"] = @"Ssl, SslNegotiateCert, SslRequireCert";