 

How to configure SSL on a self hosted Web API in Azure Service Fabric

I have followed this article to set up an OWIN self hosted Web API within an Azure service fabric stateless service.

I also found this article which describes setting up an HTTPS endpoint within an Azure service fabric service.

  ...
  <Certificates>
    <EndpointCertificate Name="TestCert1" X509FindValue="FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF F0" X509StoreName="MY" />  
  </Certificates>
  ...

How do I configure the SSL certificate for my WebAPI service within service fabric? When I access my service fabric cluster in the Azure portal, the "Certificate" textboxes are greyed out.

In other Azure services there is typically an area to upload certificates which can then be referenced by the application.

Do I need to manually include my certificate in the service fabric package and install it into the certificate store before it can be referenced?

In addition, does Azure provide an HTTPS cert for *.cloudapp.azure.com that can be used during development?

Wallace Breza asked Feb 10 '16 04:02




1 Answer

To secure an OWIN Self-Hosted API in SF with SSL, you can follow the different scripts and example config I've compiled:

https://gist.github.com/andersosthus/c483eaf8630219c789de

The basic flow goes like this:

  1. Upload a certificate to KeyVault (uploadCertToKeyVault.ps1)
  2. Install the certificate to your SF VMs (installCertOnVm.ps1)
  3. Configure the Endpoint section of your ServiceManifest
  4. Configure the ManifestImport and Policy section of your application manifest

Steps 1 & 2 can be skipped, but then you need to log in to each VM and install the certificate manually.

For VMSS: To install certificates from KeyVault onto a VMSS with ARM, do the following: In your VMSS template, under the OSProfile section, there is a section called secrets. Here you can configure the sourcevault and add certificates to be installed.

This works like all other ARM templates. You can add a certificate to this list at a later point and redeploy the template. The certificate will then be installed on your VMSS.

anderso answered Nov 06 '22 01:11
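Steps 3 and 4 of the flow in the answer above, sketched as an added example (not taken from the answer's gist or the original post): the two manifest fragments that tie an HTTPS endpoint to the certificate installed on the nodes. The endpoint name `ServiceEndpoint`, port 443, the package name `WebApiPkg` and the `HttpsCertThumbprint` parameter are assumptions; `TestCert1` is the name used in the question.

```xml
<!-- ServiceManifest.xml (step 3): declare the endpoint as HTTPS.
     "ServiceEndpoint" and port 443 are assumed names/values. -->
<Resources>
  <Endpoints>
    <Endpoint Name="ServiceEndpoint" Protocol="https" Type="Input" Port="443" />
  </Endpoints>
</Resources>

<!-- ApplicationManifest.xml (step 4): bind that endpoint to a certificate.
     "WebApiPkg" and the "HttpsCertThumbprint" parameter are assumed names. -->
<Parameters>
  <!-- Supply the thumbprint per environment instead of hard-coding it. -->
  <Parameter Name="HttpsCertThumbprint" DefaultValue="" />
</Parameters>

<ServiceManifestImport>
  <ServiceManifestRef ServiceManifestName="WebApiPkg" ServiceManifestVersion="1.0.0" />
  <Policies>
    <!-- EndpointRef must match the Endpoint Name above;
         CertificateRef must match the EndpointCertificate Name below. -->
    <EndpointBindingPolicy EndpointRef="ServiceEndpoint" CertificateRef="TestCert1" />
  </Policies>
</ServiceManifestImport>

<Certificates>
  <!-- Looked up in the LocalMachine\MY store on each node, so the certificate
       (with its private key) must already be installed there (steps 1 and 2). -->
  <EndpointCertificate Name="TestCert1" X509FindValue="[HttpsCertThumbprint]" X509StoreName="MY" />
</Certificates>
```

The listener in the service code must also register an `https://` URL on that endpoint's port for the binding to take effect.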