Azure DocumentDb Error: “The input authorization token can’t serve the request”

I had an interesting one today whereby our stable Azure DocumentDb .Net code was throwing the following error on a newly built environment:

The input authorization token can’t serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: ‘get

mon, 12 oct 2015 08:08:12 gmt’

A quick Bingle suggested that it might be related to the clock time on our IaaS VM being slightly out, but that didn’t seem to be the issue as the clock was correct.

Checking the configuration, it would appear that we had the correct DocumentDb Auth Key (e.g. tne5aIAUkDMM2mtgkuXkhaAa…5AsKIGH3BSZEBdQXSwWrH+nXw==), but an incorrect Endpoint Url (e.g. https://[INCORRECT]

Updating the configuration to the correct DocumentDb Endpoint Url & Auth Key solved the issue.

Hoping this gets added to the various search-engine indexes to help others with this issue in the future.

Upgrade Azure Cloud Service Web & Worker Roles to Azure SDK for .Net v2.7

I’ve put off upgrading my current project’s Web & Worker Roles from v2.5 of the Azure SDK for .Net to v2.7, thinking it would introduce a large number of breaking changes. But, with a little project downtime, I decided to bite the bullet and was surprised at just how painless the whole process was.

In this blogpost I’ll therefore talk you through the process of upgrading your existing Azure Web & Worker Roles to the latest version of the Azure SDK for .Net.

Download v2.7 of the Azure SDK for .Net

Grab a copy of the SDK from the Microsoft Downloads page and while its downloading, take a look at the Release Notes for this version of the SDK – there isn’t anything specifically relating to Cloud Services / Web & Worker Roles, but I can assure you that the Azure Compute Emulator is MUCH faster and FEELS more stable.

Once the SDK is downloaded, run the Web Platform Installer – this version of the SDK will live quite happily alongside previous versions, but you will need to shutdown any open instances of Visual Studio.

Upgrading (Web & Worker Role) Cloud Service Projects to Azure SDK for .Net v2.7

Once you have the latest version of the SDK installed, upgrading your existing Cloud Service projects is really simple:

Before you upgrade, I would suggest that you check-in or shelve any pending changes you may have as lots of changes will be made to your Cloud Services and supporting Class Library projects – you don’t want to be muddling these changes up with your own changes!

1. Right-click the Cloud Service you want to upgrade and select ‘[Project] Properties’, or press Alt+Enter

2. On the Project Properties page, you will see that you can upgrade the project to the latest version of the SDK – click the ‘Upgrade’ button:

Upgrade Azure Cloud Service Project - Project Properties

Your project will be automagically upgraded, along with assembly references in your supporting Worker Role Class Library. Project Properties will also show that you’re running against the latest version of the SDK:

Upgrade Azure Cloud Service Project - Project Properties - After Upgrade

One point to note is that your ServiceDefinition.csdef, ServiceConfiguration.Local.cscfg and ServiceConfiguration.Cloud.cscfg will be updated:

Upgrade Azure Cloud Service Project - Service Definition File Changes

The change is minor, but important – the schemaVersion attribute on the ServiceDefinition element of the Xml configuration file will change from version ‘2014-06.2.4‘ to version ‘2015-04.2.6‘ as you can see in this comparison screenshot:

The reason that I’m bringing this to your attention is that if you have external environment specific Service Configuration files that were originally based on these files (we have separate DEV, SIT, TRG, UAT and PRD versions in source control), you will also need to update the schemaVersion attribute in these config files. If you don’t, subsequently Cloud Service deployments will fail.

3. Build your Cloud Services project and deploy to Azure as usual.

4. Happy PaaS-ing!

Quickly Configure Remote Desktop for Azure Worker Roles

We recently discovered that you can quickly and easily configure Remote Desktop for an Azure Worker Role instance directly from the Azure Portal, which saves the pain of doing it through Visual Studio (or if you forgot to add Remote Desktop to your deployment package in the first place from Visual Studio).

The setup is easy:

1. Navigate to your Worker Role in the Azure Portal and click on the Configure tab, then click on the Remote option at the bottom of the screen:

Azure Worker Role - Configure Remote Desktop from Portal

2. In the Configure Remote Desktop wizard, select the role to configure, provide a username and password, followed by an expiry date for the supporting certificate:

Azure Worker Role - Configure Remote Desktop Wizard

The status bar will notify you once the configuration is complete:

Azure Worker Role - Reconfigure Operation Completed2

4. To connect to your instance/s, navigate to the Instances tab in the Portal, select the instance you want to connect to and click the Connect option:

Azure Worker Role - Connect to Remote Desktop from Portal2

5. A .rdp file will be downloaded, allowing you connect to the Worker Role instance using the username and password supplied in step 2:

Azure Worker Role - Remote Desktop Security Dislog

Happy Worker Role RDP-ing!

Visual Studio Paste Special – Paste Xml and JSON as Classes

I caught this great little tip while listening to the fantastic .Net Rocks Podcast – you can use the ‘Paste Special’ command in Visual Studio to create classes from raw Xml and JSON. Seriously, this previously unknown (to me) functionality is amazing and will save me a LOAD of time!

Paste Xml as Classes

In the animated GIF below, you can see just how easy it is to create classes from Xml input – simply copy the Xml, select ‘Paste Special  -> Paste XML as Classes’ from within Visual Studio and BAM! we have a class corresponding to the Xml on the clipboard:

Visual Studio - Paste Special - Paste XML as Classes

The example Xml shown here is a stripped down version of the Books Xml taken from the MSDN website at:

Paste JSON as Classes

The same also works for JSON:

Visual Studio - Paste Special - Paste JSON as Classes

In case you’re interested, I created the GIF animations using the fantastic ScreenToGIF tool which is available on Codeplex at

Happy class generating!

Creating Personal Information Exchange (.pfx) Files from Separate Public and Private Key Files

This blog post forms part of a larger series of posts looking at setting-up a SFTP Server for integration testing purposes.

Some Certificate Authorities (CAs) use different file formats to store public and private keys. For example, some CA’s store the certificate’s private key in a Private Key (.pvk) file and store the certificate and public key in a .spc or .cer file. The makecert tool will also generate separate .cer (public key) and .pvk (private key) files. Where this is the case, you may need to merge the two files into a Personal Information Exchange (.pfx) file.

Imagine you have created a set of self-signed keys using the makecert command on the VS Developer Command Prompt (Server.cer is the public key and Service.pvk is the private key):

makecert -r -pe -n "CN=Modhul" -sky exchange Server.cer -sv Server.pvk

In order to create a PFX file, we need to merge the .cer (public key) and .pvk (private key) files using the following command, again on the VS Developer Command Prompt:

pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx

The Server.pfx file is our newly created Personal Information Exchange (.pfx) file.

Further information about the pvk2pfx tool can be found at: