Geek Answers Handbook

Azure API Server failed to authenticate request

I have a task (I tried with the role of the executor and downloaded the console application and ran .exe), which should run once a day and collect Azure Metrics from some of my virtual machines. This works flawlessly locally, but on the cloud service, I get this error:

Unhandled exception: Microsoft.WindowsAzure.CloudException: ForbiddenError: the server was unable to authenticate the request. Verify that the certificate is valid and associated with this subscription. at Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSucces ... etc.

The line in which this occurs:

MetricDefinitionListResponse metricListResponse = metricsClient.MetricDefinitions.List(resourceId, null, nspace);

This is part of my code:

  string subscriptionId = "fc4xxxx5-835c-xxxx-xxx-xxxxxxx"; // The thumbprint of the certificate. string thumbprint = "β€Žf5 b4 xxxxxxxx f7 c2"; // Get the certificate from the local store. //X509Certificate2 cert = GetCertificate(StoreName.My, StoreLocation.LocalMachine, thumbprint); //cert = GetCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint) ?? new X509Certificate2(("manageAzure.cer")); var cert = new X509Certificate2(("manageAzure.cer")); Console.WriteLine("Certificate is : " + cert); // Create the metrics client. var metricsClient = new MetricsClient(new CertificateCloudCredentials(subscriptionId, cert)); Console.WriteLine("metricsClient is : " + metricsClient); // The cloud service name and deployment name, found in the dashboard of the management portal. string cloudServiceName = "abms2-carlsberg"; string deploymentName = "abms2-carlsberg"; // Build the resource ID string. string resourceId = ResourceIdBuilder.BuildVirtualMachineResourceId(cloudServiceName, deploymentName); string nspace = "WindowsAzure.Availability"; // Get the metric definitions. MetricDefinitionListResponse metricListResponse = metricsClient.MetricDefinitions.List(resourceId, null, nspace);

I placed the management certificate in my solution and I download it from there (it is always copied) and the same (and the same) that I use when I run it locally.

So, what kind of "certificate" does he complain about "authentication"? I don’t seem to understand what the problem is. Any help would be greatly appreciated as I have been using this whole day on this!

PS: I am already running this in high mode!

+7
c # certificate azure x509 certificate azure-worker-roles
source share
3 answers

For someone who might have this problem, I solved it as described below: ( http://www.dinohy.com/post/2013/11/12/403-Forbidden-when-Use-Azure-Management -REST-API-on-Role-instance.aspx )

  • Download the publication settings file from: https://manage.windowsazure.com/publishsettings/index?client=vs&schemaversion=2.0 (This is an XML file, you can open it using notepad)

  • Find the ManagementCertificate property, copy the value to a string. To base64 encoded string, you can use this string, create a certificate: string base64Cer = "Value ManagementCertificate"

  • Use this line to create a certificate. var certificate = new X509Certificate2 (base64Cer);

although this last step is not exactly the same as passing the string directly (since the string is too long and throws an exception), it looks like this: var cert = new X509Certificate2 (Convert.FromBase64String (base64cer));

Hope this helps someone else in my position.

+11
source share

Guess ... You are downloading a certificate that you use for authentication from a .cer file. This does not have a private key, so it cannot be used for authentication. I suspect that locally you probably have a private key stored in your private certificate store, assuming that you created the certificate on your machine, which is likely to make it work locally.

In short, try using the pfx file instead of cer. There is a private key in pfx for. If you generated a certificate on your computer using makecert, initially you will only have a .cer file. Use the local certificate manager to find the certificate in your personal store, then export it to the pfx file and include the private key.

+1
source share

This method helped me ...

  public static X509Certificate2 GetCertificate(string certificateString) { if (string.IsNullOrEmpty(certificateString)) return null; var certificateAsBytes = Convert.FromBase64String(certificateString); var certificate = new X509Certificate2(certificateAsBytes); return certificate; }

I also came up with a different scenario. An error occurred while your subscription ID did not match.

Certificate:

 <Subscription ServiceManagementUrl="https://management.core.windows.net" Id="00000000-0000-0000-0000-000000000000" /* -- Subscription Id -- */ Name="Visual Studio Premium with MSDN" ManagementCertificate="" />

I am trying to get credentials like this

The code:

 string subscriptionId = "11111111-1111-1111-1111-111111111111"; // Subscription Id... var credentials = new CertificateCloudCredentials(subscriptionId, x509Certificate2); // Will be varied here...

Where my subscription id is incompatible. So, I got this exception when I try to authenticate my request with "Certificates".

Hope this helps ...

+1
source share

More articles:


All Articles