Windows Azure Tools 2.2 for Visual Studio --Frequently Asked Questions for Integrated Sign In
Visit the Windows Azure forums thread to ask questions or report issues.
The integrated sign-in feature in Windows Azure Tools 2.2 enables users to sign in to Windows Azure directly from Visual Studio 2013, thereby eliminating the need to create, download, distribute and install management certificates to developers.
Once a user has successfully signed in to Windows Azure, Visual Studio has access to all subscriptions associate with the user’s account. Users can perform most actions available in Visual Studio without the need for a management certificate (however, see the Known Issues section below concerning SQL database and mobile services). For example, a user can view and manage Windows Azure services from Server Explorer or publish cloud services and web sites directly from Visual Studio.
You can sign in to your Windows Azure subscription from the Windows Azure node in Server Explorer. Just right click on the Windows Azure node and select Connect to Windows Azure from the context menu or click the Windows Azure icon in the server explorer toolbar.
Yes, you can use the integrated sign-in feature with your existing Microsoft account. That’s the same account that you use to sign in at the Windows Azure Management Portal. The account that you use to sign in must have admin or co-admin permissions for the subscription you want to manage.
Yes, you may have noticed that all Windows Azure accounts now have an associated Windows Azure Active Directory that you can manage from the Active Directory tab in the Windows Azure Management Portal. Visual Studio users can sign in with a user account from that directory if the account is an administrator or co-administrator for one or more Windows Azure subscriptions. An administrator can add a co-administrator for a subscription on the Settings tab under Administrators in the management portal.
Yes, you can sign in with an Office 365 account if the account is an administrator or co-administrator for one or more Windows Azure subscriptions.
Yes, up to 10 user accounts can be added as co-administrators for a given subscription; counting the Service Administrator, that make 11 administrators in total. Each of those 11 users can sign in to the same subscriptions from Visual Studio.
Yes, an individual account can administer multiple Windows Azure subscriptions and each subscription is available from Visual Studio once the user has signed in.
No, not at this time. User must be a Service Administrator or co-administrator in order to access a subscription and sign in from Visual Studio.
Yes, a management certificate (obtained by downloading a publish settings file) is still a fully support means of authentication for accessing your Windows Azure subscription from Visual Studio. You can continue to use your existing management certificates or import new management certificates while also using the integrated sign in. Management certificates provide the same capability as integrated sign in but have the added overhead of creating, distributing and managing the actual certificate.
No, management certificates provide the same set of capabilities as integrated sign in. There is no need to use integrated sign in if you already have access to your subscription using a management certificate. You can also use both management certificates and integrated sign in together.
Both forms of authentication provide the same access to Windows Azure services from Visual Studio. The biggest difference is in ease of use.
Yes, if you need simultaneous access to multiple subscriptions where you do not have administrative access then you should continue to use management certificates. Also if you want to use the SQL Database node or the Mobile Services node in Server Explorer then you need to have a management certificate as well. See the Known Issues section of this FAQ for more information.
Yes, all Windows Azure accounts now have at least one Windows Azure Directory. If you didn’t have a directory already, you’ll notice in the Windows Azure Management Portal that a default directory was recently added to your account automatically. You can view and manage that directory or create new directories from the Active Directory tab in the management portal. You can manage users in a directory from the Active Directory/Users section of the portal.
The Windows Azure Directory can be used as a means of authentication for applications that you build or by 3rd party applications that you allow to use your directory. For example, you may want to create a line of business application for your organization that uses your directory for authentication or authorize a 3rd party applications to use your directory for user authentication purposes. The owner of the directory manages the users and applications that can access the directory and the information that available about users in the directory.
Windows Azure Management Portal, Windows Azure PowerShell, and Visual Studio can also use your Windows Azure Directory for authenticating users that need access to your Windows Azure subscription. However, before any user is authorized to access your subscription, the user must be added as an administrator or co-administrator for the subscription from the management portal. Just adding the user to the directory alone does not grant access to your Windows Azure subscription.
There are a number of known issues with the integrated sign in feature in the 2.2 SDK release that are called out below.
After trying to connect to Windows Azure you may receive the following message “No Windows Azure Subscriptions were added. Sign in with an account that has subscriptions”. This message indicates that either 1) you could not be authenticated with the credentials provided or 2) you were authenticated with an account that does not have an associated Windows Azure subscription. To correct this problem, sign in with valid credentials and ensure that your account is a Service Administrator or co-administrator for at least one Windows Azure subscription. You can manage administrators from the Setting tab in the Windows Azure Management Portal.
The SQL Database and Mobile Services nodes in Server Explorer do not support integrated sign in at this time. Those nodes still require a management certificate for authentication with Windows Azure.
The integrated sign-in feature allows users to be signed in with one account at a time. Once signed in, Visual Studio can operate on all subscriptions for which that account is an administrator or co-administrator. If you need to simultaneous access multiple subscriptions that do not have a common administrator you should continue to use management certificates for authentication.
When a user has both management certificate and account access to the same subscription, the Windows Azure Web Sites shown in Server Explorer may be duplicated. To avoid this duplication, use only one means of authentication (either certificate or account) for each subscription or simply remove the management certificates from the Manage Subscriptions dialog.
After signing in with a federated account (an account using ADFS sign in), you may not be able to sign out from Visual Studio. In order to correct this problem you will need to close Visual Studio and restart to sign in with different credentials. Under some circumstances you may need to clear cookies from your browser cache as well.
At some point after you have successfully connected Visual Studio to Windows Azure, your authentication token will expire and you will be required to enter your account credentials in order to re-authenticate. The lifetime of the authentication token is determine by the authentication provider and will vary from as short as one day up to several weeks. When your token does expire, you may see the following message “You are currently signed in as username, Sign out and Sign in as a different user”. Simply click OK and enter your credentials on the Sign In dialog in order to refresh your expired authentication token.
User will see this message if they enter organizational credentials (like firstname.lastname@example.org) on the Sign In dialog that is specific to Microsoft accounts. To correct this problem, close the Sign In dialog and the Manage Subscriptions dialog and try again. After signing out and re-entering, you will have the opportunity to sign in with an organizational account.