Develop Reference

How can I switch an existing Azure web-role from http over to https

I have a working Azure web role which I've been using over an http endpoint. I'm now trying to switch it over to https but struggling mightily with what I thought would be a simple operation. (I'll include a few tips here for future readers to address issues I've already come across).
I have created (for now) a self-signed certificate using the powershell commands documented by Microsoft here and uploaded it to the azure portal. I'm aware that 3rd parties won't be able to consume the API while it has a self-signed certificate but my plan is to use the following for local client testing before purchasing a 'proper' certificate.
ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;
Tip: you need upload the .pfx file and then supply the password you used in the powershell script. Don't be confused by suggestion to create a .cer file which is for completely different purposes.
I then followed the flow documented for configuring azure cloud services here although many of these operations are now done directly through visual studio rather than by hand-editing files.
In the main 'cloud service' project under the role I wanted to modify:
I imported the newly created certificate. Tip: the design of the dialog used to add the thumbprint makes it very easy to incorrectly select the developer certificate that is already installed on your machine (by visual studio?). Click 'more options' to get to _your_ certificate and then check the displayed thumbprint matches that shown in the Azure portal in the certificates section.
Under 'endpoints' I added a new https endpoint. Tip: use the standard https port 443, NOT the 'default' port of 8080 otherwise you will get no response from your service at all
In the web.config of the service itself, I changed the endpoint binding for the service so that the name element matched the new endpoint.
I then published the cloud project to Azure (using Visual Studio).
At this point, I'm not seeing the results I expected. The service is still available on http but is not available on https. When I try to browse for it on https (includeExceptionDetailInFaults is set to true) I get:
HTTP error 404 "The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable"
I interpret this as meaning that the https endpoint is available but the service itself is bound to http rather than https despite my changes to web.config.
I have verified that the publish step really is uploading the new configuration by modifying some of the returned content. (Remember this is still available on http.)
I have tried removing the 'obsolete' http endpoint but this just results in a different error:
"Could not find a base address that matches scheme http for the endpoint with binding WebHttpBinding. Registered base address schemes are [https]"
I'm sure I must be missing something simple here. Can anyone suggest what it is or tips for further trouble-shooting? There are a number of stack-overflow answers that relate to websites and suggest that IIS settings need to be tweaked but I don't see how this applies to a web-role where I don't have direct control of the server.
Edit Following Gaurav's suggestion I repeated the process using a (self-signed) certificate for our own domain rather than cloudapp.net then tried to access the service via this domain. I still see the same results; i.e. the service is available via http but not https.
Edit2 Information from csdef file... is the double reference to "Endpoint1" suspicious?
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="HttpsEndpoint" />
<Binding name="Endpoint1" endpointName="HttpEndpoint" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="HttpsEndpoint" protocol="https" port="443" certificate="backend" />
<InputEndpoint name="HttpEndpoint" protocol="http" port="80" />
</Endpoints>
<Certificates>
<Certificate name="backend" storeLocation="LocalMachine" storeName="My" />
</Certificates>

Azure Dedicated Cache Role not working in the cloud

I'm sorry there's not a lot to go on with this, but some pointers in the right direction would be greatly appreciated.
I have an Azure Cloud Service with a web role and a dedicated cache worker role. In the web role, I'm using the cache like so in a Web Api controller:
var cacheFactory = new DataCacheFactory();
_cache = cacheFactory.GetDefaultCache();
And in the web.config:
<dataCacheClients>
<dataCacheClient name="default">
<autoDiscover isEnabled="true" identifier="MyProject.Workers.MyCache" />
</dataCacheClient>
It works fine locally using the Azure emulators, but on deploying to Azure, the controller method times out (after about 15 minutes!). The only error message I have is:
ErrorCode:SubStatus:There is a temporary failure. Please retry later. (One or more specified cache servers are unavailable, which could be caused by busy network or servers. For on-premises cache clusters, also verify the following conditions. Ensure that security permission has been granted for this client account, and check that the AppFabric Caching Service is allowed through the firewall on all cache hosts. Also the MaxBufferSize on the server must be greater than or equal to the serialized object size sent from the client.). Additional Information : The client was trying to communicate with the server: net.tcp://MyProject.Workers.MyCache:24233.
EDIT:
Similar lack of success trying to use the web role itself for caching:
<dataCacheClient name="default">
<autoDiscover isEnabled="true" identifier="MyProject.WebRole" />
<localCache isEnabled="true" sync="NotificationBased" objectCount="100000" ttlValue="300" />
<clientNotification pollInterval="60" />
</dataCacheClient>
Simply nothing coming back from the server. It doesn't even time out!

How to force soap header authentication for my scenario?

The problem is: I need to connect to a soap web service; generated by java code; using ASP.Net client via C# through MS Visual Studio 2013.
Try 1, The usual way:
I have added a web service reference using the wsdl and by assigning the credentials like:
Credentials.Username.Username = "test";
Credentials.Password.Password = "test";
When executing, the following exception is being encountered:
The login information is missing!
Try 2:
I have searched for similar problems like:
how-to-go-from-wsdl-soap-request-envelope-in-c-sharp
Dynamic-Proxy-Creation-Using-C-Emit
c# - Client to send SOAP request and received response
I had chosen to generate a proxy class using the wsdl tool, then added the
header attribute, but I have found the following note from Microsoft:
Note: If the Web service defines the member variables representing the SOAP headers of type SoapHeader or SoapUnknownHeader instead of a class deriving from SoapHeader, a proxy class will not have any information about that SOAP header.
Try 3:
I have tried to change the service model in the client web.config:
<bindings>
<basicHttpBinding>
<binding name="CallingCardServicePortBinding">
<security mode="TransportWithMessageCredential" >
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Then added the credentials like the first try, but the following error appears:
MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood
So, now I don't know what to do !
I have no control over the web service and I need to build a client that understands it.
Help Please!
The Soap Request template is the following:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="...">
<soapenv:Header>
<credentials>
<userName>someUserName</userName>
<password>somePassword</password>
</credentials>
</soapenv:Header>
<soapenv:Body>
<ser:someRequest>
.......
.......
.......
</ser:someRequest>

If the destination web service uses authentication, then just ASMX won't do, since it is not aware of authentication, encryption etc. You have 2 options:
Use Microsoft WSE: http://www.microsoft.com/en-us/download/details.aspx?id=14089
this is nothing but an extension of ASMX which makes it Security/Encryption aware. (and some other features) technically, you'll be adding a reference to the WSE DLL and your Soap Proxy will extend from the WSE SOAP Client instead of the System one.
once you do that, the proxy class will have additional username/password properties that you can use to authenticate properly.
set the properties and see the outgoing request using fiddler. if the header is not what you want (because of namespaces etc.), then you can write a custom outgoing message inspector and modify the soap request nicely.
The other option (preferred) is to use WCF.
ASMX and WSE are older than WCF. WCF tries to bring all the web service nuances under one roof. if you get a WCF service reference, it (svcutil.exe) will automatically create the proxy class and the right bindings for you. (mostly custom)
once you do that, try setting the user name and password.
if that doesn't work, (i have frequently struggled to generate the right soap header for remote java based services that require username/password authentication), you can define a static header chunk in the web.config/app.config, that'll be sent as part of every request.
e.g.
<client>
<endpoint>
<headers>
<credentials>
<userName>someUserName</userName>
<password>somePassword</password>
</credentials>
</headers>
</endpoint>
</client>

Spring MVC + Spring Security: how to migrate application from http to https

I have built a spring MVC application using Spring Tool Suite. I also used Spring Security to handle access permissions and login/logout.
The application is currently using http protocol, but I want to move to https completely.
What should I do?
Should I also reconfigure STS' VFabric tc Server to run the appliction? If so, how?

You need to configure your application container if you want to use https protocol.
VFabric tc Server docs about SSL:
http://pubs.vmware.com/vfabric5/index.jsp?topic=/com.vmware.vfabric.tc-server.2.6/admin/manual-config-ssl.html
Still you can use Spring Security features. HTTP/HTTPS Channel Security is achieved with ChannelProcessingFilter. Fortunately it can be easily configured with Spring Security XML Namespace.
Spring Docs:
If your application supports both HTTP and HTTPS, and you require
that particular URLs can only be accessed over HTTPS, then this is
directly supported using the requires-channel attribute on intercept-url
Example Config:
<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>
</http>
More info: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-requires-channel

How to check what is the soap meesage passed to the server on click of a button? Fiddler?

I want to capture the SOAP request and actual response from the WebService.
Scenario : On click of a button in asp.net application I call a web service. The Web Service returns an exception : System.Web.Services.Protocols.SoapHeaderException: Access is denied. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at WebRefProject.HRWS.TeamMemberData201012Service.getTeamMemberProfilesByFullName(GetTeamMemberProfilesByFullNameRequest_Type getTeamMemberProfilesByFullName1) in C:\Project\FinalPAT\WebCode\1PSV\WebRefProject\Web References\HRWS\Reference.cs:line 138 at UIPSAT.GetUserDetails.GetUserDetailsbyFullName(String searchValue) in C:\Project\FinalPAT\WebCode\1PSV\UI\GetUserDetails.cs:line 209
Explanation:
I have a asp.net application which calls a web service to search for employee details.
The WS requires certificates and we attach it along the request.
The service is working good on local with local certificate.
It isnt working on Dev server and is giving the above exception.
A sample application runs good on Dev with the Dev certificate.
How do I know what SOAP is sent to the web service?
Also I could not add the reference of the web service directly to the solution as it was protected and Visual Studio IDE could not add it.
However the WSDL file was not protected. It was successfully added and the URL of the Web Service was changed based on the appropriate server environments.
How do check the SOAP Request and Response?

Yes, Fiddler.

You can use WCF Diagnostic message logging facilities. Just config it on your client, the soap messages will be logged. For instance:
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
maxMessagesToLog="1000"
maxSizeOfMessageToLog="5000"/>
</diagnostics>

You can configure soapUI (http://www.soapui.org/) to act as a logging proxy between your web service client and server. Configure your client to connect to a soapUI proxy instance running on the client host. Configure the soapUI instance to then forward to the service on the remote server.

You can get the trace file to a location. Add the following to the web.Config file :