The objective of this hands-on lab is to move an existing on-premises ASP.NET web application that uses federated identity to Windows Azure.
Open Internet Information Services (IIS) Manager and stop the site “www.rp.ciws” created before.
In Microsoft Visual Studio 2010, open the solution “FirstRelyingParty”. Click on File -> New -> Project, select the Windows Azure Project template (C#) and name the project “FirstRelyingPartyAzure”. Make sure “Add to solution” is selected in the “Solution” drop-down menu, otherwise another solution will be created. Don’t add any roles to the Azure project.
Add the web application created before to the Azure project. Click on Add -> Web Role Project in solution (on the “Roles” context menu). Select the project “FirstRelyingParty” on the dialog window that appears.
Test the application (Debug -> Start Without Debugging). The address for the deployment on the local development fabric is http://127.0.0.1. See that an error is returned:
ID1059: Cannot authenticate this page because the URL scheme is not https and therefore the authentication cookie, which requires https, will not be sent. Change the URL scheme or set requireSsl = false on the cookieHandler element in configuration.
Add the www.rp.ciws certificate to the Azure project
Add an HTTPS endpoint to the Azure project
On Azure’s Management Portal, click on “New Hosted Service”. Type a name for the service and the URL prefix. For the URL prefix, follow the pattern gXX-rp-ciws, XX being the number of your group.
On Azure’s Management Portal, select the “Certificates” node and click on “Add Certificate”. In the dialog box that appears, select the PKCS#12 file corresponding to your group and type the password (changeit).
After upload, the certificates should appear below the “Certificates” node.
If the package is uploaded now, with <customErrors mode="Off" /> in Web.config, the following error would appear:
Could not load file or assembly ‘Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.
This is because WIF isn’t installed on the virtual machine.
Add a Startup task on the service definition file (ServiceDefinition.csdef):
<WebRole>
  ...
  <Startup>
    <Task commandLine="Startup\InstallWIF.cmd" executionContext="elevated" taskType="simple" />
  </Startup>
</WebRole>
Create a new folder on the FirstRelyingParty project called Startup.
Create a new text file called InstallWIF.cmd with the following commands:
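@echo off
REM wusa.exe needs the Windows Update service, so allow it to be started on demand
sc config wuauserv start= demand
REM Install the WIF stand-alone update that sits next to this script
wusa.exe "%~dp0Windows6.1-KB974405-x64.msu" /quiet /norestart
REM Put the Windows Update service back to disabled
sc config wuauserv start= disabled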
This script sets the Windows Update service (wuauserv) to start on demand, installs WIF from the stand-alone update file Windows6.1-KB974405-x64.msu, and then disables the service again.
Add the file Windows6.1-KB974405-x64.msu to the Startup folder.
Change the Copy to Output Directory property to Copy always for both files.
Change the value of the attribute osFamily of ServiceConfiguration (in ServiceConfiguration.cscfg) to 2. With this, the virtual machine’s operating systems will be based on Windows Server 2008 R2.
Add the relying party to ACS and change the <microsoft.identityModel> configurations in Web.config.
Publish the project to Azure. WIF should now be installed. To troubleshoot problems you can connect to the virtual machine with Remote Desktop.
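The settings changed in this lab can be checked in one pass before publishing. The Python script below is an added example, not part of the original lab: the function names, the finding texts and the sample XML are constructed for illustration, and it only reads the attributes named in the steps above.

```python
import xml.etree.ElementTree as ET

def elems(xml_text, name):
    """Elements with the given local name, ignoring XML namespaces."""
    return [e for e in ET.fromstring(xml_text).iter()
            if isinstance(e.tag, str) and e.tag.rsplit("}", 1)[-1] == name]

def check_deployment(csdef, cscfg, web_config):
    """Return findings for the settings this lab changes; empty list = OK."""
    findings = []
    endpoints = elems(csdef, "InputEndpoint")
    https = [e for e in endpoints if e.get("protocol") == "https"]
    if not any(e.get("certificate") for e in https):
        findings.append("csdef: no HTTPS endpoint bound to a certificate")
    require_ssl = any(h.get("requireSsl", "").lower() == "true"
                      for h in elems(web_config, "cookieHandler"))
    if not require_ssl:
        findings.append("Web.config: cookieHandler requireSsl is not true")
    elif any(e.get("protocol") == "http" for e in endpoints):
        findings.append("csdef: http endpoint will fail with ID1059")
    if any(c.get("mode") == "Off" for c in elems(web_config, "customErrors")):
        findings.append("Web.config: customErrors is Off (detailed errors shown)")
    if ET.fromstring(cscfg).get("osFamily") != "2":
        findings.append("cscfg: osFamily is not 2 (Windows Server 2008 R2)")
    if not any("InstallWIF.cmd" in t.get("commandLine", "")
               and t.get("executionContext") == "elevated"
               for t in elems(csdef, "Task")):
        findings.append("csdef: elevated InstallWIF.cmd startup task missing")
    return findings

# Constructed sample files (not from the lab): an http-only deployment
CSDEF = """<ServiceDefinition name="FirstRelyingPartyAzure"
  xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="FirstRelyingParty">
    <Endpoints><InputEndpoint name="HttpIn" protocol="http" port="80" /></Endpoints>
  </WebRole>
</ServiceDefinition>"""
CSCFG = """<ServiceConfiguration serviceName="FirstRelyingPartyAzure" osFamily="1"
  xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" />"""
WEB_CONFIG = """<configuration>
  <system.web><customErrors mode="Off" /></system.web>
  <microsoft.identityModel><service><federatedAuthentication>
    <cookieHandler requireSsl="true" />
  </federatedAuthentication></service></microsoft.identityModel>
</configuration>"""

if __name__ == "__main__":
    for finding in check_deployment(CSDEF, CSCFG, WEB_CONFIG):
        print(finding)
```

Run against the sample files it reports five findings; once the steps above are applied and customErrors is no longer Off, the list comes back empty.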