We Keep Coding

Deployments to Pivotal CloudFoundry installation with a self-signed certificate

We have a test installation of Pivotal Cloud Foundry.
It has a self-signed certificate, so I have not been able to use the cloud foundry maven plugin to perform uploads. Instead, I have been trying to use cloudfoundry-client-lib java client.
cloudfoundry-client-lib has a setting to ignore self-signed certificates, so I am able to log in to our PCF installation with it and perform passive operations, such as listing applications. However, uploads are failing.
I'm trying to upload a 23M zipped Spring Boot app jar. (Also tried it as a jar.) The same application itself has successfully been pushed previously to our PCF installation via 'cf push' . Installing cf-cli is not an option from our Jenkins box.
Uploads result either in a "connection reset by peer" or a broken pipe error.
Has anybody been able to upload or push to a PCF installation that's using a self-signed certificate ?
Code below:
public static void main(String[] args) {
String target = "api.sys.dev.##.##.##.com";
String user = "me";
String password = "secret";
String uploadFilePath = "./myapp.zip";
CloudCredentials credentials = new CloudCredentials(user, password);
java.net.URL URL = new java.net.URL(target);
CloudFoundryClient client = new CloudFoundryClient(credentials, URL, true);
File archiveFile = new File(uploadFilePath);
client.uploadApplication("myappname", uploadFilePath, new FileInputStream(archiveFile),
new uploadCallback(logger) );
client.logout();
}
dependency section from pom:
<dependency>
<groupId>org.cloudfoundry</groupId>
<artifactId>cloudfoundry-client-lib</artifactId>
<version>RELEASE</version>
</dependency>

How to use environment variable with IIS user

I have a WCF service that runs a .bat file. It works on my local system, but I have a problem with running it on the server (Windows server 2012 r2).
I've defined the ANT_HOME variable to server's environment variables and I've added %ANT_HOME%\bin to Path variable.
When I write "ant" to CMD on the server it works! But when I call the wcf service from somewhere, it doesn't work.
I found the following error in the log files:
'ant' is not recognized as an internal or external command,
operable program or batch file.
According to this log, I understand that IIS user cannot use the ANT_HOME variable which is already defined.
What I have tried so far:
identity impersonate
giving full permission to IIS user

What version of IIS are you running? If you are running a version where you can create a separate Application Pool for your service then do so and give this Application Pool an identity that has the right PATH or defines ANT_HOME for that user. I always like adding a Ping type method to all my services so I can ask the service who it is running as and where it is running. It is great for troubleshooting and testing WCF services.

Azure web service as a client to an external service, using a client-side certificate

I need to write a web service and host it in Azure. This service in turn consumes another service from an external site. Therefore, my azure-hosted service is a client to this externally-hosted service. When I make a request of the other service, I need to include a client-side certificate in my request.
Has anybody successfully done this? Is it possible to install a certificate in a web instance in azure? Would it survive the instance restarting? If so, pointers would be appreciated.
I have never worked with client-side certificates (even on a "real" client) so please forgive me if this is a newbee question.

The certificates that are uploaded in the cloud service (see the certificates tab under that cloud service in azure portal), which will host your webrole, will be available in the VM of that webrole. So you can access it from the certificate store and use it while making the external web service call.
A sample is given in this stackoverflow post.
Accessing a web service and a HTTP interface using certificate authentication

You can either add certificate via azure management portal, and azure will add it to machine certificate store once it deploy your application on the VM, or you can keep it with your application, for example as embedded resource and load it manually and use with your webservice call. Like this :
private X509Certificate2 GetAuthCertificate()
{
var assembly = Assembly.GetExecutingAssembly();
Stream stream = null;
var resources = assembly.GetManifestResourceNames();
foreach (var resource in resources)
{
if (resource.EndsWith(certificateFilename))
{
stream = assembly.GetManifestResourceStream(resource);
break;
}
}
if (stream == null)
throw new Exception("Certificate not found in embedded rersources");
using (var ms = new MemoryStream())
{
stream.CopyTo(ms);
var result = new X509Certificate2(ms.ToArray(), "password", X509KeyStorageFlags.Exportable);
return result;
}
}

How do I setup a asmx web service in Azure that accepts a client certificate?

I apologize in advance if the question is ridiculous.
I have an asmx service running in Azure (HTTP - no SSL).
I have a WPF app that loads a X509Certificate2 and adds it to the request by doing the following:
X509Certificate2 cert = new X509Certificate2("...");
webRequest.ClientCertificates.Add(cert);
In the web service I get the certificate by
new X509Certificate2(this.Context.Request.ClientCertificate.Certificate)
And then I load a cert (that I have both uploaded to the Azure control panel and added to my service definition file) by using the following sample:
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
And then I validate by doing the following:
clientCert.Thumbprint == certs[0].Thumbprint
Now unfortunately I get an exception (System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle) as soon as I do
Request.ClientCertificate.Certificate
So I have a few questions. How do I avoid the exception. This answer states I need to modify an IIS setting, but how can I do that in Azure?
In any case is this even the proper way to do certificate authentication?
Thanks!

You can use command scripts to modify IIS, in combination with appcmd.exe.
For a quick example (disabling timeout in an application pool), take a look at this sample by Steve Marx.
In this example, you'd call DisableTimeout.cmd as a startup task. For more info on creating startup tasks, you can watch this episode of Cloud Cover Show. There should be a lab on startup tasks in the Platform Training Kit as well.
Just remember that any type of IIS configuration change should be made via an automated task at startup. If you manually change IIS via RDP, those changes won't propagate to all of your instances, and won't remain persistent in the event of hardware failure or OS update.

You can remote into your azure instances to manage IIS. As for a way to do it globally for all instances at once, I'm not sure. That would be an interesting side project though.
http://learn.iis.net/page.aspx/979/managing-iis-on-windows-azure-via-remote-desktop/

change asp.net 2 web service address

I'm developing an application that includs a web service, on development time I run the service locally on my pc, than I publish the service to a remote server,
I wanna know how can I take the web reference that I got and just change the address of the service to the remote server to check that every thing is ok

You can set the service URL usign the Url property:
MyWebService.Service1 service = new MyWebService.Service1();
service.Url = NEWSERVICEURL;

Right click on your Web reference, click properties, and choose Url behavior: Dynamic in properies window. The URL of the Web service will be automatically mapped to a configuration option in the Web.config file that you can change easily, without recompilation: