Azure的网站连接到Xero的合作伙伴申请 [英] Connect Azure Website to Xero Partner Application

问题描述

我在我的集​​成与应用Xero的需要两个证书。我上传他们这个的文章，但我仍然无法连接到 Xero的API 。我希望有人有经验，整合了Xero的合作伙伴应用程序与Azure的Web应用程序。

I'm integrating my app with Xero which requires two certificates. I uploaded them to Azure with help from this article, but I'm still unable to connect to the Xero API. I'm hoping someone has experience integrating a Xero Partner Application with an Azure Web App.

我上传2 PFX文件;一个是自签名证书，另一种是通过发行Xero的合作伙伴证书。后者PFX文件中包含两个证书;一个委托商业私人小组CA1（比任何手段）和我的应用程序唯一的委托身份证明。

I've uploaded two pfx files; one is a self-signed certificate and the other is the partner certificate issued by Xero. The latter pfx file contains two certificates; an Entrust Commercial Private Sub CA1 (whatever than means) and a unique Entrust Id certificate for my app.

我用下面的code。通过其独特的指纹来加载证书：

I'm using the following code to load the certificates by their unique thumbprint:

    static X509Certificate2 GetCertificateFromStore(string thumbprint)
    {
        var store = new X509Store(StoreLocation.CurrentUser);

        try
        {
            thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
            store.Open(OpenFlags.ReadOnly);

            var certCollection = store.Certificates;
            var currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
            var signingCert = currentCerts.Find(X509FindType.FindByThumbprint, thumbprint, false);

            if (signingCert.Count == 0)
            {
                throw new Exception($"Could not find Xero SSL certificate. cert_name={thumbprint}");
            }

            return signingCert[0];
        }
        finally
        {
            store.Close();
        }
    }

这工作正常在本地，但在我的蔚蓝的网站，我收到了403.7错误：

This works fine locally, but on my azure web site I get a 403.7 error:

The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.

我也看着下面引用尝试解决该问题：

I've also looked at the following references to try and resolve the issue:

• 在Azure中 Xero的合作伙伴SSL配置（使用一云服务，而不是一个Web应用程序，所以我不能跟随在最后的步骤）


• 403从文件（主题贴在Xero的加载X509Certificate2故宫时同一个问题的论坛，想通了，分辨率只为再次，云服务）


• Xero的合作伙伴连接和Azure的网站（发布解决方案，建议使用VM）

• Xero Partner SSL configuration in Azure (Uses a cloud service and not a web app, so I couldn't follow the steps at the end)
• 403 Forbidden when loading X509Certificate2 from a file (Thread posted on the Xero forums about the same issue, figured out that the resolution is only for once again; cloud services)
• Xero partner connections and Azure Websites (Posted solution suggests using a VM)

我还没试过：

• 转换我的web应用程序到云服务;尽量避免这样做，但是我不知道涉及哪些步骤。


• 使用VM;我还没有找到如何做到这一点的详细步骤，但似乎比上面一个更好的选择。

错误的截图：

推荐答案

终于得到了这个工作，我会后我的解决方案，以Xero的连接时，希望这将节省开发人员大量的时间和挫折。

Finally got this working and I will post my solution which will hopefully save developers a lot of time and frustration when connecting with Xero.

的Xero的合作伙伴应用程序将不会与Azure的应用服务（网站）工作。你必须与你的自我签名和Xero的合作伙伴证书一起上传两个额外的证书。这些可以在本地计算机上找到，并且可以在CER格式导出（下面这些证书的详细信息）。不能够上传这些证书的Azure应用服务确实是拐杖。他们也有被上传到特定的商店（根/ CA），你不能与应用服务做的。这是我走上与Xero的连接步骤。

The Xero Partner Application will not work with Azure App Services (Web Sites). You have to upload two additional certificates along with your self-signed and the Xero partner certificate. These can be found on your local machine and can be exported in cer format (details of these certificates below). Not being able to upload these certificates for Azure app services is indeed the crutch. They also have to be uploaded to specific stores (Root/CA), which you cannot do with app services. These are the steps I took to connect with Xero.

1. 将我的网站的Azure云服务：我厌倦改变我们的环境，我们已经有一个活的网站。事实证明，云服务在本质上是相同的应用服务;你还是要部署到虚拟机的某个地方。但是，你必须在后端更多的控制，你可以在远程桌面。更多的此处。下面使用链接创建和转换我的网站，以云服务：

1. Converted my web site to Azure Cloud Services: I was weary of changing our environment as we already have a live site. It turns out that cloud services is essentially the same as app services; you still are deploying to a VM somewhere. However, you have more control over the back end and you can remote desktop in. Read more here. Used links below to create and convert my website to cloud services:

• 创建一个新的云服务项目


• 转换现有的网站，以云服务

• Create a new cloud service project
• Convert existing web site to cloud service

4上传证书使用蔚蓝的门户我的云项目。您将需要上传以下内容：

Uploaded 4 certificates to my cloud project using the azure portal. You will need to upload the following:

• 您的自签名证书（您创建这里有一个）


• 将Xero的发行合作伙伴证书（你可能得到它<一个href=\"https://developer.xero.com/documentation/advanced-docs/partner-app-entrust-certificate-instructions/\"相对=nofollow>这里）


• 中级证书委托（这其中应包含文件，你上面下载中.P12内）


• 的委托根证书（这应该是你信任的根存储**）

添加了证书来在云项目我的Web角色。你必须右键点击你的Web角色的属性并转到证书标签。用你上传文件后他们将在门户网站中可见的指纹全部添加4证书，您的Web角色。 记下店铺名称的两个委托证书：

Added the certificates to my Web Role in the Cloud project. You have to right click on the properties of your web role and go to the certificates tab. Add all 4 certificates to your web role using the thumbprint which will be visible in the portal after you uploaded them. Take note of the Store Name for the two entrust certs:

您可能不得不采取了很多的耐心，因为我要通过一步一个拿到。你必须找出新的部署过程中，如何调试本地项目，也可能其他很多令人沮丧的花絮！

You may have to adopt a lot of patience as I have to get through step one. You'll have to figure out the new deployment process, how to debug your project locally, and probably a lot of other frustrating tidbits!

**这是正确的委托根证书可以通过使用certmgr.msc得到：

**This is the correct Entrust Root certificate you can get by using certmgr.msc:

这篇关于Azure的网站连接到Xero的合作伙伴申请的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！