
Running thinktecture IdentityServer v2 in a Windows Azure Web Role – from zero to hero (a walkthrough)

OK, I think a couple of you guys already did it successfully – others just look for something written. Here we go.

Let's start right away by browsing to GitHub and cloning the IdentityServer.v2 repo:

After cloning we have the following code structure in Windows Explorer:

Open Thinktecture.identityServer.sln as an elevated admin (for the Windows Azure Compute Emulator to work correctly). Build the entire solution.

Now, choose Add… New project… and add a new Cloud project to the solution.

In the Cloud Service dialog do not choose any new project, just hit OK.

We now add the existing IdSrv WebSite project as a Web Role to the Windows Azure project, just like so:…

For now, the solution should look something like this:

Alright. On to some essential Cloud stuff now.

We need an SSL certificate. I am going to use an existing self-issued cert from my local machine. This of course needs to be a 'real' certificate if you deploy IdSrv as a production STS to Windows Azure.

Please head over to WebSite role configuration and the Certificates tab. Specify your desired certificate:

Based on this certificate we now create an SSL endpoint:

OK, this should be it for now.

Let's attack the database side of things. We need a SQL database for our identity configuration and data. I am going to create a new one via the Windows Azure management portal:

Please make a note of the connection string for your SQL database as we still need to change the connection strings inside IdentityServer's configuration files.

Then open up connectionStrings.config in the Configuration folder inside the WebSite project and adjust the connection strings to point to your SQL database in the Cloud:


    <add name="IdentityServerConfiguration"
         connectionString="Server=…;Database=idsrvcloud;User ID=christian@…;Password=...;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"
         providerName="System.Data.SqlClient" />

    <add name="ProviderDB"
         connectionString="Server=…;Database=idsrvcloud;User ID=christian@…;Password=...;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"
         providerName="System.Data.SqlClient" />

… drum roll …

F5 (with the Cloud project as the startup project) and pray …

Enter the basic setup information and you should be good to go. This locally running instance inside the Windows Azure Compute Emulator already uses the Cloud SQL database – just for the record.

Done… well almost … I am spilling the beans already now so that we can save some cycles.

There is an issue with the Membership hash algorithm type on Cloud VMs.

  • Locally: HMACSHA256
  • Azure Cloud Emulator: HMACSHA256
  • Published to Cloud Service: SHA1

So it looks like there must be some machine.config setting in Cloud Service images – Microsoft is investigating this.

For us it means we need to set the keys explicitly in web.config (you can use a tool like this):

        <machineKey validationKey="..."
                    decryptionKey="..."
                    validation="HMACSHA256" />
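
A pre-publish check for this fix, as an added example that is not part of the original post: it parses a web.config and reports when `<machineKey>` leaves the validation algorithm or the keys to whatever the host provides, the situation described above. The function name and the sample configs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

HEX = re.compile(r"^[0-9A-Fa-f]+$")

def check_machine_key(web_config_xml, expected_validation="HMACSHA256"):
    """Return a list of findings; an empty list means machineKey is pinned."""
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return ["no <machineKey>: algorithm and keys come from the host's defaults"]
    findings = []
    validation = mk.get("validation")
    if validation is None:
        findings.append("validation not set: algorithm comes from the host's defaults")
    elif validation.upper() != expected_validation:
        findings.append(f"validation is {validation}, expected {expected_validation}")
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "AutoGenerate")  # a missing attribute means auto-generated
        if "autogenerate" in value.lower():
            findings.append(f"{attr} is auto-generated: differs per machine")
        elif not HEX.match(value) or len(value) % 2:
            findings.append(f"{attr} is not a hex string")
    # ASP.NET documents a 40-character (20-byte) minimum for validationKey.
    vkey = mk.get("validationKey", "")
    if HEX.match(vkey) and len(vkey) < 40:
        findings.append("validationKey shorter than 40 hex characters")
    return findings

# Constructed samples: the keys are dummy values, not usable secrets.
PINNED = """<configuration><system.web>
  <machineKey validationKey="%s" decryptionKey="%s" validation="HMACSHA256" />
</system.web></configuration>""" % ("AB" * 32, "CD" * 32)
DEFAULTS = "<configuration><system.web /></configuration>"
SHA1_AUTO = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" validation="SHA1" />
</system.web></configuration>"""

if __name__ == "__main__":
    for name, cfg in (("pinned", PINNED), ("defaults", DEFAULTS), ("sha1_auto", SHA1_AUTO)):
        print(name, check_machine_key(cfg) or "OK")
```
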


After that we need to export the SSL cert anyway, so that we can upload it to the Cloud Service, e.g. via the management portal.

And then, we finally can publish & deploy to Windows Azure:

After approx. 8 to 10 minutes we have our thinktecture IdentityServer v2 running up in the Cloud.

Hope this helps.




I was able to deploy everything like you suggested. However, I get a 500 server error. Any ideas? Is there a way to see where the 500 error is coming from? What about built-in diagnostics?

Thanks in advance.


David Pugmire

So, uh, aren't there 2 databases? config and Users?

Also, what would be great is to use Azure Tables for this - SQL Azure is $$. Perhaps AzureProviders could be adapted here? http://azureproviders.codeplex.com/. I might just look into a retrofit.

Great article, great project, thanks!

Christian Weyer

Andy & David: thanks for getting in touch - would you please be so kind and ask all IdentityServer related questions/issues over at the GitHub repo?



Is there anything more needed to do than what's in this post?

Tried with latest and it doesn't even start. (Hangs before App_Start)

Christian Weyer

Hm... this should be it :)
Maybe we can take the conversation to email...? christian.weyer AT thinktecture.com

Nick Pateman

Hi there,

I've followed the article but can't get the server to run locally. It craps out with SQL connection errors. I've updated all of the connection strings and connection providers in connectionStrings.config

There's 4 in there at current, your article only shows 2. I updated just those 2 to begin with and when it failed the first time I updated the rest.

Any ideas? Many thanks for your time.

Nick Pateman

Hi again, my bad, I got it working, the connection string copied from azure didn't have the password in and it contained unsuitable characters anyway so I changed it to something more connection string friendly.
