Azure Development Fabric with HTTPS


It always helps to have tips for common problems. Lately I’ve been looking for helpful hints related to Azure. Usually there is something to be found with the help of Google. Sometimes it is spread around a few different places for one topic.

The hints in this blog post are about using HTTPS with Azure Development Fabric. Here are the things I wish someone had told me.

  1. You can select HTTPS on the Web Role properties for an endpoint. You cannot select a hostname to go with this.
  2. All connections are based on using 127.0.0.1 for the server web address.
  3. If IIS is installed (or some other web server), the Windows Azure Web Server will pick the next highest port (either HTTP 81 or HTTPS 444).
  4. The development web server for Azure is not connected to IIS and this can cause confusion sometimes.
  5. Starting the code from Visual Studio will start up to two instances of the web browser, one for HTTP and one for HTTPS. You can control which ones start from the properties for the web role.
  6. The Azure SDK automatically creates a certificate for 127.0.0.1 when it is first run in Dev Fabric.  This certificate is the same for everyone and it appears to be impossible to switch to a different certificate for Dev Fabric.
  7. Do not ever delete the 127.0.0.1 certificate using the certificate management tools unless you want to re-install the Azure SDK.
  8. You can get the 127.0.0.1 certificate to be trusted by copying the certificate to trusted root (very important for your sanity).
  9. Typically the address for HTTPS is https://127.0.0.1:444/ for your web role.
  10. It is possible to use HTTPS with 127.0.0.1 and have it work with Windows Identity Framework and ADFS.
  11. The settings in the configuration for certificates and the SSL certificate only apply to Azure and not Dev Fabric.
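
Tip 8 as a script: this is an added example, not code from the original post or the Azure SDK. It copies only the public part of the certificate into the current user's trusted root store and leaves the original untouched, in line with tip 7. Assumptions: PowerShell 5 or later, a certificate subject of exactly `CN=127.0.0.1`, and that the SDK placed the certificate in a Personal ("My") store.

```powershell
# Added example: trust the Dev Fabric 127.0.0.1 certificate for the current user.
# Assumptions: subject is exactly CN=127.0.0.1 and the SDK placed it in a
# Personal ("My") store; adjust $subject / $sourceStores if yours differs.
$subject      = 'CN=127.0.0.1'
$sourceStores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'

# Read-only lookup: the source certificate is never modified or removed (tip 7).
$found = @(Get-ChildItem -Path $sourceStores -ErrorAction SilentlyContinue |
    Where-Object { $_.Subject -eq $subject })

if ($found.Count -eq 0) {
    throw "No certificate with subject $subject found; run the role in Dev Fabric once first."
}
$thumbprints = @($found | Select-Object -ExpandProperty Thumbprint -Unique)
if ($thumbprints.Count -gt 1) {
    throw "Several different $subject certificates: $($thumbprints -join ', '). Pick one."
}
$cert = $found[0]
"Found {0}, thumbprint {1}, expires {2:yyyy-MM-dd}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter

# Copy only the public part (RawData), so no private key lands in the root store.
$publicOnly = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.RawData)

# CurrentUser\Root limits the trust to this account rather than the whole machine.
$root = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'CurrentUser')
$root.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $already = $root.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($already.Count -gt 0) {
        'Already trusted for this user; nothing to do.'
    } else {
        $root.Add($publicOnly)   # Windows may ask for confirmation before adding a root
        'Added to CurrentUser\Root. Restart the browser and reload the HTTPS endpoint.'
    }
} finally {
    $root.Close()
}
```

Because the post notes that this certificate is the same for everyone, the script scopes the trust to the current user rather than the whole machine.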

If you are only interested in providing HTTPS on Azure, there is a really good post here.

Initially I was only focusing on running the web role without the Dev Fabric.  This gives more flexibility with the configuration (server name and real IIS) but it simply does not work with the Dev Fabric.

After a bit of churn, the code now conforms to using 127.0.0.1 and luckily this should make it easier to share code with team workers.

The philosophy, perhaps, was to make the code not care about the host in any way so that it would easily be published to Azure.

HTTPS is key to supporting Federated Identity.  Without it, there is not much hope for passive federation.
