If you are trying to Embrace SSL During Development when authenticating with Azure Active Directory, you may run into a little glitch if you do so on one of those handy MSDN Dev/Test VMs in Azure.
The glitch is that when running SSL on the MSDN VM, the digital certificate used for SSL isn’t quite right. Here is a description of what you might see, followed by a workaround (until fixed at the source in the VM image).
The Problem
Visual Studio 2013 uses IIS Express by default and offers a very simple experience for HTTPS locally:
- Create a web application
- Look at the properties for ‘WebApplication1’ and you’ll see an option SSL Enabled — by default it is false, but change it to true
- By setting SSL Enabled to true, you will now have a value for SSL URL, which is something like https://localhost:44300 or above (ports 44300-44399 are reserved for this I think, and the next new project gets the next available one – check out C:\Users\YOURACCOUNT\Documents\IISExpress\config\applicationhost.config to see the bindings that were set up)
- Hit F5 to run, then navigate to the HTTPS URL. You get the “hey, this cert isn’t trusted!” warning, but otherwise it works fine — at least on the desktop. The behavior is different in the MSDN Visual Studio Azure VMs (NOTE: these are very specific VMs, described here – for those of you interested in taking advantage of those specially licensed VM resources associated with MSDN accounts).
Using MSDN Visual Studio Azure VMs, this developer experience does not quite work out of the box. SSL Enabled is true automatically when creating an ASP.NET app that uses Azure Active Directory for org authentication. If you create a new web app, then simply click Change Authentication and select Organizational Accounts, set one up, and then proceed as normal, then hit F5. When your app runs, it will try to authenticate over HTTPS, and it fails as in the scenario above if running on one of these MSDN Visual Studio Azure VMs.
The Solution
Follow these steps:
- RDP into your MSDN Visual Studio Azure VM
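- Paste the following into a PowerShell window and run it:

    # Find the first certificate in the LocalMachine\My store with Subject 'CN=localhost'
    $thumb = (dir Cert:\LocalMachine\my | Where-Object Subject -eq 'CN=localhost' | Select-Object Thumbprint -First 1).Thumbprint
    # Delete that certificate if one was found
    if ($thumb -ne $null) { del Cert:\LocalMachine\my\${thumb} }
    # Open Programs and Features so IIS Express can be repaired
    control /name Microsoft.ProgramsAndFeatures
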
The above code works in the default state of these VMs at this time. It assumes that only a single certificate with a Subject of ‘CN=localhost’ is present in the certificate store.
- Right-click on IIS Express and select Repair.
- Celebrate your now functioning local F5-ready SSL experience.
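
The script above assumes only one ‘CN=localhost’ certificate exists. As an added example (not part of the original post), the following PowerShell lists every matching certificate together with the IIS Express ports it is bound to, then previews the deletion with -WhatIf. It assumes English-language netsh output, and the function name Get-LocalhostCertReport is hypothetical.

```powershell
# Added example, not from the original post. Listing is read-only; an actual
# deletion from the LocalMachine store needs an elevated PowerShell window.
function Get-LocalhostCertReport {
    # Every certificate in the machine store whose subject is exactly CN=localhost
    $certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -eq 'CN=localhost')

    # Map port -> certificate hash for http.sys SSL bindings in the
    # IIS Express range (44300-44399). Assumes English-language netsh output.
    $bound = @{}
    $port = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match 'IP:port\s*:\s*\S+:(\d+)\s*$') {
            $port = [int]$Matches[1]
        } elseif ($line -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)' -and
                  $port -ge 44300 -and $port -le 44399) {
            $bound[$port] = $Matches[1].ToUpper()
        }
    }

    # One row per candidate certificate, with the ports that currently use it
    foreach ($c in $certs) {
        $ports = $bound.Keys | Where-Object { $bound[$_] -eq $c.Thumbprint } | Sort-Object
        [pscustomobject]@{
            Thumbprint    = $c.Thumbprint
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey
            BoundPorts    = ($ports -join ',')
        }
    }
}

# Review the candidates first
Get-LocalhostCertReport | Format-Table -AutoSize

# Preview what would be deleted; remove -WhatIf only once the list is what you expect
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object Subject -eq 'CN=localhost' |
    Remove-Item -WhatIf
```

If more than one row appears, check the BoundPorts column before deleting anything, since a certificate with no IIS Express binding may belong to something else on the machine.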
[This is part of a series of posts on #StupidAzureTricks, explained here.]