Add keys to register in azure

WebTGI Tecnologia 5

In order to access a extern API, i need to create a key and some values on this register path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Messaging,

otherwise all my resquests to this API receive no content in a response, with a status code = 0.

I have done some local tests and only got to this solution on a developers forum of the company that owns the API. The solution worked fine locally as soon as I added this key with this key value: "MessageLimitServerClientAuth" /t REG_DWORD /d 0x00065536.

Is it possible to add this keys on azure? Tried commands in CMD that works locally, but i receive a error message in azure's CMD. Example:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Messaging /v "MessageLimitServerClientAuth" /t REG_DWORD /d 0x00065536

1 answer

Ryan Hill 28,631 Reputation points Microsoft Employee

2024-05-06T22:02:06.37+00:00

Hi @WebTGI Tecnologia,

Due to the restrictions of the app service sandbox, you can't write to any registry keys of any sort. It would be helpful to understand more about the use case of needing to add reg key for accessing an external API.

The best option is to leverage App Configuration and create a key and value where the key is MessageLimitServerClientAuth and the value to your hexadecimal number. If you're not familiar with using App Configuration, see the following quickstart; https://learn.microsoft.com/en-us/azure/azure-app-configuration/quickstart-dotnet-core-app?tabs=linux, to get started.

If the need of a registry key is coming from a requirement of a 3rd party library or software, then your only option is to use an Azure Virtual Machine.
Please sign in to rate this answer.
WebTGI Tecnologia 5 Reputation points

2024-05-07T11:47:45.63+00:00

Hi Ryan, thank you for your quick response. The issue I have is related to the size of a handshake message, since the response of a request to this API is bigger than Windows default configuration, and that is why I receive no content.
I'm trying to find a workaround since, but so far all threads i have found lead to adding a key to registry.
Here is a example:
https://stackoverflow.com/questions/68986895/how-to-increase-the-tls-handshake-size-in-net

If you have any tips of a option to workaround, it will be appreciated.

Thanks.

Ryan Hill 28,631 Reputation points Microsoft Employee

2024-05-08T14:46:45.75+00:00

@WebTGI Tecnologia just reiterate, you won't be able to add a reg key to an app service. Furthermore, you don't have any access to the front-end load balancer that's responsible for forwarding your request, see https://learn.microsoft.com/en-us/archive/msdn-magazine/2017/february/azure-inside-the-azure-app-service-architecture to learn more about the implementation.

Having said that, there is work done to ensure configurations and setting are configured to address the majority of scenario workloads. Just to confirm, you have already attempted the API call from your app service, correct? Can you provide the name of the external API?

Ryan Hill 28,631 Reputation points Microsoft Employee

2024-05-10T16:08:13.4966667+00:00

@WebTGI Tecnologia just following up. If you've already attempted to call the API and you don't receive a response due to the SCHANNEL size, going the VM route will be the most prudent course of action. I can share your experience so that SCHANNEL size can be evaluated for a possible change.

WebTGI Tecnologia 5 Reputation points

2024-05-24T17:50:32.9933333+00:00

Hi Ryan, sorry for the delay to answer.
Yes, I have tried using my app service and confirmed using logs to see the response i'm receiving while deployed, the same version that is working locally when I have the Schannel size changed by register.
It's a API to execute payments in batches, from a bank here in Brazil called "Banco do Brasil". The API is simply called "batch payments".
I will take a look into VMs for this, and to deploy in a Linux based service, since i'm working with .net core, but I was not able to deploy on this app yet, and I'm now working on understanding why.
Thank you for the support and the time spent to help me.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Add keys to register in azure

1 answer

Your answer