One of my readers Darryl Dalton contacted me about an idea to use a service account with the Google Analytics Embedded API. I won’t go more into that at this time I plan on turning his idea into another blog post showing you how you can do it with PHP and C#. The point of this article is that Darryl’s web application was working fine in development. However when he tried to deploy the application to Azure he was getting an error.
A little background information Darryl was using a free web app server on Azure. I am quite new to Azure myself I have only been working with it since June. It took me about an hour to get a MVC dummy application up that worked with a service account to request data from Google Analytics. I used the same code I have always used for a service account.
string[] scopes = new string[] { AnalyticsService.Scope.Analytics}; var certificate = new X509Certificate2(keyFilePath, "notasecret", X509KeyStorageFlags.Exportable); var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail){ Scopes = scopes}.FromCertificate(certificate)); // Create the service. varservice = new AnalyticsService(new BaseClientService.Initializer() { HttpClientInitializer = credential, ApplicationName = "Analytics API Sample", });
This code worked fine in my development environment I was able to make a request to Google Analytics and retrieve some data.
[wp_ad_camp_3]
Deployment to Azure
I have never tried to deploy to one of these free web app accounts on Azure so I spent a few minutes figuring that out. I used Visual Stuido 13 I must say deployment was very easy.
Once deployed I checked the site the first error azure came with was the inability to find some of the dlls. Changing the properties on each of the dlls to copy local fixed that, this is probably because the azure server doesn’t have these dlls in GAC.
Then I was faced with the same error Darryl had.
502 – Web server received an invalid response while acting as a gateway or proxy server.
I had no idea what this was. It took me around an hour and a half to track down the problem.
The issue has to do with the way Azure deals with certificates.
By changing
var certificate = new X509Certificate2(keyFilePath, "notasecret", X509KeyStorageFlags.Exportable);
to
var certificate = new X509Certificate2(keyFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
By adding X509KeyStorageFlags.MachineKeySet the key is written to a folder owned by the machine. This ensures that Azure can now use the certificate.
Concuslion
If you deploy an application to Azure using the .net client library with a Service account and are faced with the Web server received an invalid response while acting as a gateway or proxy server error message. You only need to add X509KeyStorageFlags.Exportable when you create the certificate.
You ROCK!!! I spent 4 hours last night trying to debug where your solution was breaking when pushed up to azure. Section by section I was logging to a db to let me know if the code had been reached. Finally narrowed it down to this statement where the logger no longer was logging. Thank you for responding to my Q so quickly, logged on this a.m. to find your answer, updated my solution and BAM… its now working on Azure.
Thank you for this and for your blog!!!
Great article and indeed useful. Thanks for sharing