Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
Online Certificate Status Protocol (OCSP) Stapling
We are seeing some delays in Time To First Byte because OCSP stapling is not active on Azure Web Apps SSL endpoints.
This causes our clients' browsers to call the issuing CA's endpoint before SSL negotiation can really begin.Stapling would save the client browser from having to make an extra request to the CA checking if the certificate has been revoked.
There is also a potential privacy issue for our clients that the CA will be able to log these requests. If the web server takes care of OCSP on the other hand no requests will be sent from…
197 votesWe’ve started deploying the feature to a small set of stamps. We’ll continue to monitor the stamps for performance and validate if the feature is working as expected. Once we are confident there are no issues, we will roll out to all regions.
Thanks,
Oded -
Metric and alert for Web App file system used quota
We would like to setup an automatic alert that fires when the file storage of an app plan is reaching its limits.
Ideally it will be great to have a metric that tells the % of storage (quota) consumed so we can set an alert on top of that metric.
180 votesThis is a great idea and we would like to implement it though there are a few dependencies we need to meet first. We are leaving this on the roadmap for now to see if it gains more customer support which will help with prioritization.
Thanks,
Oded -
Web App and Private DNS zone support
Web App support for using Azure Private DNS Zones without a DNS server to forward requests through. We are able to resolve the private dns queries from a VM that uses Azure provided dns and linked Private DNS zone, but the Web App is not able to do the same when using regional vnet integration. We must set the vnet to use a VM or on-prem DNS server that forwards requests to the Azure DNS IP, which is then able to return the private dns records. For a PaaS implementation, this seems clunky. The use case is to send Web…
176 votes -
Enable 'Connect', 'Log Stream', 'Console' etc for App Service Environment
When you deploy an App Service into an App Service Environment behind an ILB, much of the UI is greyed out. Examples of this is the 'Connect' button, 'Log Stream', 'Console' etc.
I have to manually construct a URL to get to the kudu endpoint right now in order to use the console.
160 votesThanks for bringing this up! This is a known issue and we are working on it. We’ll update the item when complete.
Thanks,
Oded -
Associating Hybrid Connections to Azure App Services cannot be automated
There is no way to associate a Hybrid Connection to an Azure App Service via ARM Template or PowerShell.
This is a significant gap since we cannot automate this at all when that is the driving factor for DevOps and PaaS services.
146 votesWe are looking at options here.
Thanks,
Oded -
Set ARRAffinity cookie with SameSite option
Given the upcoming changes in Chrome, we would like to be able to set the SameSite option of the ARRAffinity cookie (as None, Lax or Strict). Not allowing us to set it to None it means that Chrome will mark it as Lax, meaning that our pages cannot be displayed in an iFrame of 3rd parties.
136 votes -
The Always On setting should have an option to make it sticky to the slot when swapping
This is odd it isn't this way by default but should at the very least have an option to make it sticky so as to not break anyone's current practices (in fact, shouldn't more settings have the option to be sticky?).
The issue here is that an always on slot consumes resources. If for example each app consumes 200Megs of RAM, and I have 5 app services running on a service plan, each app service has 2 slots for swapping, then I need to have Always On turned on unnecessarily for 10 slots (2gigs of RAM consumed for nothing). The…
111 votesMoving the feature request to under review. When we have a clear timeline to share, we’ll update the status.
Thanks,
Oded -
App Service - Allow Named Pipe Activation to be enabled
We would like to use named pipes to communicate between services on the same app service, but this doesn't seem to be possible since named pipe activation isn't enabled in .Net on the app service.
89 votesThanks for the entry. We’re taking a look.
Oded
-
Allow Custom URL Rewrite Handler for Database
Allow installation of a GAC custom rewrite handler for doing URL rewrites on Web Apps using a database backend.
87 votesHi there,
Thanks for bringing this up once more. We will have an internal conversation again about implementing for App Service.
Thanks,
Oded -
Permission for accessing Performance counters
We would like create a custom monitoring solution for our Azure Web Site based projects. Unfortunately the web site and job processes do not have permission to read performance counters.
I understand that this is mandatory for a shared hosting environment. However I see nothing against having such functionality if the user has dedicated instances.
Would it be possible to remove this restriction?
87 votesThis isn’t available yet and we’re leaving the ask under review for now. We’ll come back to the idea when we have news.
Thanks,
Oded -
BYO - Storage for Windows Web Apps
It seems to me a little strange that I can mount Azure Files in App Service on Linux and Web App for Containers but not in standard/regular Web App.
Our specific use case is a big web app spawned across more App Service Env under a Traffic Manager umbrella: for some kind of application logic a regular file system is better (more simple to use / less rework) than use the Storage API.86 votesWe are working on enabling bring your own storage to Windows based Web Apps
-Byron
-
Provide acceptable scale out time for instances in ASE Isolated instance types
Scaling is a core feature of App Services. We used ASE for the additional features however it means we are stuck with 40 mins scale out time to add an instance. Per support this is by design, however this is not documented anywhere in public domain.
Scaling is supposed to help us get customers on to Azure, if it takes 40 mins to add an instance, it will not meet the business needs, we abandoned ASE only due to this issue. Kindly document current scale out time in public documentation so that user know this before hand.
Ultimate goal should…77 votesThanks for the feedback!
You’re right that ASE scaling operations take longer than the common plans on multi-tenant App Service. We are looking at ways to decrease the time so it will on par with multi-tenant but this means a new infrastructure is needed with managing a pool or pre-assigned VMs to the ASEs.
This is documented here, though without a time frame mentioned as it depends on a numbers of factors: https://docs.microsoft.com/en-us/azure/app-service/environment/using-an-ase#how-scale-works.
We will update when there is more information here.
Thanks,
Oded -
Azure App Service Certificate : Add support for EV certificates (Extended Validation)
Azure App Service Certificate permit to have standard SSL and Wildcard. But need to add a new SKU for permit customers to register an EV Certificate too (Extended Validation)
75 votesYou can get EV certificates from Azure Key Vault service today or bring your own certificate from external CA and import it via “Upload Certificate”. You would then have to upload the certificate from Key Vault as documented here https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application
We are looking into how to improve the experience in Azure portal .
-
Provide more secure TLS ciphers
Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-SuitesSo please provide some more secure ciphers from the ECDHE cipher suite like TLSECDHERSAWITHAES256GCMSHA384, TLSECDHERSAWITHAES128GCMSHA256, TLSECDHERSAWITHCHACHA20POLY1305SHA256.
74 votesHi there,
We are constantly reviewing cipher suites and will update more in the future.
Thanks,
Oded -
Automatically rebind SSL Certs that have Auto-Renew
Right now there is a way to purchase and Auto-Renew SSL-Certs for Web Apps. Unfortunately, the Auto-Renew does NOT also bind the new cert to the WebApps where the cert it is replacing is currently bound to.
This makes Auto-Renew more or less useless, as one still has to manually bind the new cert once it becomes available.
A cert with Auto-Renew should automatically bind to all WebApps where the cert it replaces is used.
71 votesHi Thomas,
Some feedback from our team:
We do not update the SSL binding on rare cases, and we do have the code working just that it happens on a different task. This is definitely a bug we will be fixing as soon as we can. Most likely will be dealt with in June.
Thanks,
Oded -
Programmatically associating a Hybrid Connection to an Azure App Service is not possible
I believe that there should be a capability added to Azure App Services to allow for programmatically associating existing Hybrid Connections to an App Service instance. This can be done manually via the portal as shown in the attached image but cannot be done via Powershell, Azure CLI, or Azure REST API. Any upcoming features for this? Or is this already possible but I haven't yet been able to find out how? Thank you.
63 votesThe feature in planned for support and we will update as development proceeds.
Thanks,
Oded -
Access to a populated User.Identity
It would be very valueable to have Access to a "populated" User.Identity in the Controllers. Most of the the time, at least in my apps, my Apis will present user specific Content. Having a populated User.Identity would help alot.
59 votesHello!
At the moment our recommended method for checking the identity of the current user is to check several attributes added to incoming requests. This is to allow your application to go completely in and out of memory on lower priced tiers without “always-on.” Check out the tutorial below for the header names.
https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-authenticationWe would like to have language specific auth functionality like this in the future. I am placing this item in “unplanned” to be used in future planning sessions.
thanks for your feedback!
Alex
Azure App Service Team -
Linux Static Site on Nginx
One of the most common web techniques today is static generated web sites. Ideally, there would be an option along with Node, Php etc for Static HTML. This would allow configuration for just running Nginx web servers to host static sites.
56 votesThanks for your suggestion, we will evaluate the suggestion and post an update when we have news to share.
Ahmed
App Service Team -
55 votes
With the release of Azure App Service on Linux, we are looking in supporting Golang as a built-in runtime stack. In the meanwhile you can create a custom container that supports Go.
A link of how to use a custom docker container with Web App for Containers:
https://docs.microsoft.com/en-us/azure/app-service/containers/quickstart-custom-docker-imageThanks,
Ahmed, App Service -
Fix export of resource type 'Microsoft.Web/sites/config'
get error :"Could not get resources of the type 'Microsoft.Web/sites/config'. Resources of this type will not be exported. (Code: ExportTemplateProviderError)"
Among the obvious it would be nice to see how to set various app settings like turning off PHP and activating 'Always On' or maybe turning off 'ARR Affinity'.
54 votes
- Don't see your idea?