Recently while working on providing Windows Azure Service Management capabilities in Cloud Storage Studio, I ran into a weird problem.
As you know in order to invoke Azure Service Management API you would first need to upload an X509 certificate in Windows Azure portal and then pass this certificate in every service management request.
The problem I ran into is if I run the application as an Administrator (Run As Administrator option) everything worked well however if I run the application as is (just by double clicking on the application short cut), the service always returned a 403 error. For some reason it was dropping the certificates from the request.
I ended up putting a post on MSDN forums:
http://social.msdn.microsoft.com/Forums/en-US/ncl/thread/7aaaf92b-6183-4317-85fa-6838e8935265
Upon further reading I was directed towards some more threads which you can find here and here. And that’s when I found that my local account (though in Administrator role) did not have access to those certificates private keys. Once I granted access to my local account to the certificate, everything started working well.
Here is how you can do the same:
1. Download Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe) from Microsoft download center and install it.
2. Go to command prompt and first see if your user account has the permission on the certificate or not. To do that, type the following:
cd C:\Program Files\Windows Resource Kits\Tools
WinHttpCertCfg -l -c LOCAL_MACHINE\MY -s "CERTIFICATE NAME"
3. To add an account which will have access to the certificate, just type the following command:
WinHttpCertCfg -g -c LOCAL_MACHINE\MY -s "CERTIFICATENAME" -a "DOMAIN\USERNAME"
Hope this helps.