
403 Error on Azure API Only After Deploying to IIS

I think I have read every single thing on the internet about this (bold statement I know) but I can't work it out...

I have a very simple webpage that gets the status of VMs on Azure, which works fine on my machine. I created a cert on my local machine with makecert and debug runs fine. After deploying it to another server on IIS all I get is 403 errors.

Things I tried:

  1. Exporting the cert from my dev machine with private key and importing it onto the test server
  2. Creating a new cert with makecert (edit: recreated the cert on the server I want to deploy to) (according to this link from MSN), upload to Azure, update code to search for new thumbprint, redeploy and admire the same error msg...
  3. Both times I changed the app pool identity to a user account that is log-on-able (and reverted)
  4. Tried with the cert as both LocalMachine and CurrentUser, with the user updated in the app pool

I changed my get cert code to more resemble an answer from a similar question, but finding the cert doesn't appear to be the issue... If I remove the cert created on the server, I get a different error.

X509Certificate2 FindX509Certificate(string thumbprint)
{
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

    // Match the certificate whose thumbprint equals the configured value, ignoring case
    var certificate = store.Certificates.Cast<X509Certificate2>().SingleOrDefault(c => string.Equals(c.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase));

    return certificate;
}

Ref: how to connect to azure (management) rest api via C# in IIS

Code to create HttpClient:

WebRequestHandler handler = new WebRequestHandler();
String CertThumbprint = _certthumbprint;
X509Certificate2 managementCert = FindX509Certificate(CertThumbprint);
if (managementCert != null)
{
    handler.ClientCertificates.Add(managementCert);
    HttpClient httpClient = new HttpClient(handler);
    httpClient.DefaultRequestHeaders.Add("x-ms-version", "2014-05-01");
    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/xml"));
    return httpClient;
}

Retrieve VMs Code:

String uri = String.Format("https://management.core.windows.net/{0}/services/hostedservices/{1}/deploymentslots/{2}", _subscriptionid, ServiceName, "Production");
XDocument vms = new XDocument();
vms.Add(new XElement("VirtualMachines"));
ApplyNamespace(vms.Root, ns);

try
{
    HttpClient http = GetHttpClient();
    Stream responseStream = await http.GetStreamAsync(uri);

    if (responseStream != null)
    {
        XDocument xml = XDocument.Load(responseStream);
        var roles = xml.Root.Descendants(ns + "RoleInstance");
        foreach (XElement r in roles)
        {
            XElement svcNamee1 = new XElement("ServiceName", ServiceName);
            ApplyNamespace(svcNamee1, ns);
            r.Add(svcNamee1);
            vms.Root.Add(r);
        }
    }
}

This code is currently about 95% copy and paste from here

The resolution for me in this case was to create a new Publishsettings file via PowerShell and import that on the server via PowerShell. Then use the thumbprint from that in code. Making a cert on the server and uploading to Azure still doesn't work for whatever reason...
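
A diagnostic for the store-location and app-pool-identity attempts in the list above, added here as an example and not code from the original post: it prints the identity the process runs as, whether the thumbprint is present in the CurrentUser and LocalMachine stores, and whether that identity can open the private key, which TLS client-certificate authentication needs. `ManagementCertCheck`, `DescribeKey` and the thumbprint placeholder are assumptions; it assumes .NET Framework 4.6 or later and is only meaningful when run under the same account as the app pool.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ManagementCertCheck   // hypothetical helper, not from the post
{
    static void Main(string[] args)
    {
        // Placeholder: pass the thumbprint the application is configured with.
        string thumbprint = args.Length > 0 ? args[0] : "<THUMBPRINT-PLACEHOLDER>";
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
                // validOnly: false, because makecert certificates are self-signed
                var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                if (matches.Count == 0) { Console.WriteLine(location + ": not found"); continue; }
                foreach (X509Certificate2 cert in matches)
                    Console.WriteLine("{0}: found, NotAfter={1:u}, private key: {2}",
                        location, cert.NotAfter, DescribeKey(cert));
            }
            catch (CryptographicException ex) { Console.WriteLine(location + ": cannot open store: " + ex.Message); }
            finally { store.Close(); }
        }
    }

    // Reports whether the current identity can actually open the private key.
    static string DescribeKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "none (public part only)";
        try
        {
            // Throws CryptographicException if the key container cannot be opened.
            using (RSA rsa = cert.GetRSAPrivateKey())
                return rsa != null ? "usable by this identity" : "present, but not an RSA key";
        }
        catch (CryptographicException ex) { return "present but not accessible: " + ex.Message; }
    }
}
```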
