Consuming Service Management API from Web/Worker Role – Method 2

You can find this blog, and a lot of other interesting articles about Azure, on My Team Blog

In my previous post about the same topic I mentioned there are multiple ways to enable your Web/Worker Role to consume service management API. Here is one more way where we will be leveraging the power of Azure Publish Settings file.

The Publish Settings File contains information about your subscription. That information, once consumed by tools like Visual Studio, lets you seamlessly deploy applications to Windows Azure. Among other information, it contains a management certificate, which handles the authentication part when you are trying to 'manage' your subscription.

We will be leveraging this Management Certificate to get our application code, which is consuming the Service Management API, to work.

As you may already know, while consuming the Service Management API, your code fetches the management certificate from the local certificate store. Let's assume you are using This MSDN Sample, and you have a GetStoreCertificate method which looks like this.

private static X509Certificate2 GetStoreCertificate(string thumbprint)
{
    // Search both the Current User and Local Machine stores
    List<StoreLocation> locations = new List<StoreLocation>
    {
        StoreLocation.CurrentUser,
        StoreLocation.LocalMachine
    };

    foreach (var location in locations)
    {
        X509Store store = new X509Store("My", location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection certificates = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
        if (certificates.Count == 1)
            return certificates[0];
    }
    throw new ArgumentException(string.Format("A Certificate with Thumbprint '{0}' could not be located.", thumbprint));
}


As you can see, you are querying your local certificate stores (Current User, Local Machine) and searching for the certificate thumbprint. In my previous post, we discussed how to make your certificate available for this method to work.

Now, let's see how we can avoid all that.

1. Download the Azure Publish Settings File

2. Open this file in Notepad. You will find something like ManagementCertificate="…….SomeReallyLongString….." in it; copy this string value.

3. Now modify your GetStoreCertificate method as follows

private static X509Certificate2 GetStoreCertificate(string thumbprint)
{
    // Build the certificate directly from the Base64 string copied in step 2
    X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(".....SomeReallyLongString....."));
    return certificate;
}

Note: You would definitely want to wrap this in a try/catch block, remove the now-unnecessary parameter 'thumbprint', and follow other good programming practices.

4. Compile and deploy the project to Windows Azure; it should work nicely.
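
One way to act on the note in step 3, as an added example that is not code from the original post or the MSDN sample: the copied string carries the certificate's private key, so this version takes it as a value read at run time (for instance from a role configuration setting) instead of a literal in source, and validates it before use. The class and method names are hypothetical, and it assumes the value is the unprotected Base64 PFX found in the Publish Settings File.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml.Linq;

// Added example; class and method names are hypothetical.
public static class ManagementCertificateLoader
{
    // Pulls the ManagementCertificate="..." value out of .publishsettings XML,
    // whichever element carries the attribute.
    public static string ExtractEncodedCertificate(string publishSettingsXml)
    {
        XAttribute attribute = XDocument.Parse(publishSettingsXml)
            .Descendants()
            .Attributes("ManagementCertificate")
            .FirstOrDefault(a => !string.IsNullOrWhiteSpace(a.Value));
        if (attribute == null)
            throw new InvalidOperationException("No ManagementCertificate attribute found.");
        return attribute.Value;
    }

    // Replaces GetStoreCertificate(thumbprint): the caller passes the string read
    // from configuration at run time instead of a literal compiled into the assembly.
    public static X509Certificate2 Load(string encodedCertificate)
    {
        if (string.IsNullOrWhiteSpace(encodedCertificate))
            throw new ArgumentException("The management certificate value is empty.");
        try
        {
            byte[] rawData = Convert.FromBase64String(encodedCertificate.Trim());
            X509Certificate2 certificate = new X509Certificate2(rawData);
            // Client authentication needs the private key, not just the public part.
            if (!certificate.HasPrivateKey)
                throw new ArgumentException("The certificate has no private key.");
            if (DateTime.Now > certificate.NotAfter)
                throw new ArgumentException("The certificate expired on " + certificate.NotAfter + ".");
            return certificate;
        }
        catch (FormatException ex)
        {
            throw new ArgumentException("The value is not valid Base64.", ex);
        }
        catch (CryptographicException ex)
        {
            throw new ArgumentException("The value is not a loadable certificate.", ex);
        }
    }
}
```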

Let’s try to understand why this has worked.

It is the Publish Settings File which is doing the trick. When you downloaded this file (Step 1), a new management certificate was created on the Portal. This certificate was represented in the Publish Settings File (MyFileName.publishsettings) by


All we did was pass on this string in our code and all was well since this certificate is already present in the management portal.

Read more about Publish Settings File

What is good about this method:

1. Easier to manage. No startup task or any change in Visual Studio is required

2. No need to create a new certificate separately

3. Cleaner code

What is not-so-good:

The main concern could be that, by default, you have no control over the management certificate which is created by Windows Azure for you. You may want to use your own customized certificate.

To create a Publish Settings File using your own certificate, please refer to This MSDN Forum

Hope this helps!

