Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
Enable 'Connect', 'Log Stream', 'Console' etc for App Service Environment
When you deploy an App Service into an App Service Environment behind an ILB, much of the UI is greyed out. Examples of this is the 'Connect' button, 'Log Stream', 'Console' etc.
I have to manually construct a URL to get to the kudu endpoint right now in order to use the console.
160 votesThanks for bringing this up! This is a known issue and we are working on it. We’ll update the item when complete.
Thanks,
Oded -
Hybrid Connection Manager Support for Linux
We are an ISV leveraging Azure PaaS to provide an iPaaS service to customers. We have a requirement to connect to on premise servers to access line-of-business apps. Currently, we leverage Azure’s Hybrid Connection Manager --- but are limited to Windows servers only. Our customers have both Windows, Linux and mixed environments. This considerably limits our market.
Can we expect Linux support? If so, when? Any suggested work arounds?
Thank you for your consideration.
158 votesThanks for suggesting that, we are looking into a number of ways to have that support. Unfortunately we don’t have a timeline for introducing such capability.
Ahmed
App Service Team -
TLS 1.3 is now approved, this should be implemented with Web Apps
TLS 1.3 is now no longer a draft, when will Azure introduce the option to enable it?
142 votesHi there,
Given TLS 1.2 was just enabled on Web Apps, we don’t have a plan for when the work will be done to enable 1.3. We will definitely leave this on the backlog as we will come back to it when relevant
Thanks,
Oded -
Make Application Gateway WAF services available for non-ASE App Service plans
The Application Gateway and specifically WAF are useful even for simpler apps because of the OWASP and general security protections afforded.
App Service Environments are extremely costly compared to a loaded Standard S1 or Premium P1 App Service plan and the Application Gateway/WAF cannot be used without the ASE.
While there are WAF solutions provided by 3rd parties it would be great if the Azure solution used for ASE's was also available for standard App Service plans.
Thanks
139 votesWe are still working on a few features which we hope to announce in a few months.
@Peter – We will not providing the WAF capabilities directly to Web Apps.
-
Associating Hybrid Connections to Azure App Services cannot be automated
There is no way to associate a Hybrid Connection to an Azure App Service via ARM Template or PowerShell.
This is a significant gap since we cannot automate this at all when that is the driving factor for DevOps and PaaS services.
133 votesWe are looking at options here.
Thanks,
Oded -
Install 64 bit dotnet.exe runtime
I have a memory intensive webjob that uses dotnet.exe and needs to run in 64 bit mode. But the dotnet.exe currently installed is 32 bit.
Is there an easy way to change this to 64 bit? Or can the 64 bit dotnet.exe be installed by default?
122 votesHello,
.NET Core versions 2.2.0 and 2.2.1 are being rolled out as of now and support x64. Please see this blog post for more information: https://blogs.msdn.microsoft.com/webdev/2018/12/04/asp-net-core-2-2-available-today/
Thanks,
Jason -
Allow IP Restrictions to be a Slot Setting
In the same way as we have with App Settings it should be possible to make the IP Restrictions a slot setting (sticky) so that they don't migrate when you swap slots. This could be per IP even....
116 votesThis is a valid request. We are looking to update more settings that will be sticky to a slot and we have added IP restrictions to that list.
Thanks,
Oded -
The Always On setting should have an option to make it sticky to the slot when swapping
This is odd it isn't this way by default but should at the very least have an option to make it sticky so as to not break anyone's current practices (in fact, shouldn't more settings have the option to be sticky?).
The issue here is that an always on slot consumes resources. If for example each app consumes 200Megs of RAM, and I have 5 app services running on a service plan, each app service has 2 slots for swapping, then I need to have Always On turned on unnecessarily for 10 slots (2gigs of RAM consumed for nothing). The…
111 votesMoving the feature request to under review. When we have a clear timeline to share, we’ll update the status.
Thanks,
Oded -
Restart App Service Plan (all Web Apps in a plan), something similar to iisreset, from within the portal
It would be great to have a restart button, similar to the restart button in a Web App, but on the App Service Plan level to restart all Web Apps in a plan. something similar to iisreset.
100 votesHi Ibrahim,
What issue are you trying to solve? What use case would this be used for?
It seems to me that placing a restart option on the plan level might do more harm than good, by resetting the memory on all the apps under the plan. Depending on your scenario, auto-heal would be a great solution to solve individual machine issues. See a video by my colleagues here for more details: https://channel9.msdn.com/Series/Windows-Azure-Web-Sites-Tutorials/Auto-Healing-an-Azure-App-Service
Placing this idea under review for now until I understand what’s at the base of the request here.
Thanks!
Oded -
Allow App Service to Access Secret without version
Currently an App Service can access Secrets App Service Identity - but the secret version must be part of this configuration.
What would be helpful is to allow the App Service to get the latest version of the secret - that way a value can be centrally changed - without having to update the App Service configuration (to use the new version of the secret).
This will allow management of the data in the Key Vault - without requiring updates to the App Service to get the new value.
98 votesHi all,
This work is underway. Please keep the feedback coming.
- Matthew
-
Add "Allow access to Azure services" in Azure App Service IP restrictions
Re this thread
https://www.yammer.com/azureadvisors/#/Threads/show?threadId=945875058
I'd used PowerShell to manually add IP restrictions a couple of weeks ago. Right away my App Insights availability tests started failing so I narrowed the test location down to Dublin IE and allowed those IP/Subnets.
Add an option similar to SQL Server "Allow access to Azure services" That white lists Azure App insights availability tests for selected regions.
Thanks
Luke
90 votesThere was some confusion about this feature due to the documentation for it and UX originally released had a bug.
The IP Restrictions feature works as an ALLOW list, rather than a DENY list as originally stated.
The ask here is still valid, there are other services in azure (like SQL) that have UI to explicitly allow other azure services to reach the database. While this is convenient for development scenarios, it’s not a good idea for securing the resource.
We’ll keep an eye on this request and see if it gathers more up-votes.
-Byron
-
App Service - Allow Named Pipe Activation to be enabled
We would like to use named pipes to communicate between services on the same app service, but this doesn't seem to be possible since named pipe activation isn't enabled in .Net on the app service.
88 votesThanks for the entry. We’re taking a look.
Oded
-
Permission for accessing Performance counters
We would like create a custom monitoring solution for our Azure Web Site based projects. Unfortunately the web site and job processes do not have permission to read performance counters.
I understand that this is mandatory for a shared hosting environment. However I see nothing against having such functionality if the user has dedicated instances.
Would it be possible to remove this restriction?
87 votesThis isn’t available yet and we’re leaving the ask under review for now. We’ll come back to the idea when we have news.
Thanks,
Oded -
Allow Custom URL Rewrite Handler for Database
Allow installation of a GAC custom rewrite handler for doing URL rewrites on Web Apps using a database backend.
84 votesHi there,
Thanks for bringing this up once more. We will have an internal conversation again about implementing for App Service.
Thanks,
Oded -
Make App Settings KeyVault Reference default to latest Secret Version
KeyVault references in App Settings is a welcome improvement in KeyVault integration.
One lingering aspect to improve, I think, is to allow us to expect the latest secret version - such that we can specify the secret name and can forget about versioning if we wish. Clearly versioning also supports a stricter process.70 votesHello,
Thank you for the request. I have reached out to the relevant team and will update this status aas I get more information.
Thank you,
Jason -
Azure App Service Certificate : Add support for EV certificates (Extended Validation)
Azure App Service Certificate permit to have standard SSL and Wildcard. But need to add a new SKU for permit customers to register an EV Certificate too (Extended Validation)
69 votesYou can get EV certificates from Azure Key Vault service today or bring your own certificate from external CA and import it via “Upload Certificate”. You would then have to upload the certificate from Key Vault as documented here https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application
We are looking into how to improve the experience in Azure portal .
-
Provide more secure TLS ciphers
Currently Chrome flags the CBC ciphers as obsolete. CBC ciphers are at the top of the cipher preference list of Azure Web Apps as you can see there: https://www.ssllabs.com/ssltest/analyze.html?d=test.azurewebsites.net
More info: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
So please provide some more secure ciphers from the ECDHE cipher suite like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.68 votesHi there,
We are constantly reviewing cipher suites and will update more in the future.
Thanks,
Oded -
Access to a populated User.Identity
It would be very valueable to have Access to a "populated" User.Identity in the Controllers. Most of the the time, at least in my apps, my Apis will present user specific Content. Having a populated User.Identity would help alot.
59 votesHello!
At the moment our recommended method for checking the identity of the current user is to check several attributes added to incoming requests. This is to allow your application to go completely in and out of memory on lower priced tiers without “always-on.” Check out the tutorial below for the header names.
https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-authenticationWe would like to have language specific auth functionality like this in the future. I am placing this item in “unplanned” to be used in future planning sessions.
thanks for your feedback!
Alex
Azure App Service Team -
Enable Hybrid Connections to work with read-only routing feature in SQL Server Availability Groups
We have a setup where App Service in Azure connects to on-premise SQL Server via Hybrid Connection. SQL Server environment on-premise is AlwaysOn Availability Group of 3 servers.
Azure App Service uses connection string, where "Server=" part specifies Availability Group Listener DNS name. App Service connects to AG Listener just fine, and listener directs App Service to primary server. Setup works fine and App Service can read data from primary server.
However, when we add "ApplicationIntent=ReadOnly" part into connection string, App Service can't connect to SQL Server and throws generic "network specific or instance related..." error. Our goal by adding…
54 votes -
54 votes
With the release of Azure App Service on Linux, we are looking in supporting Golang as a built-in runtime stack. In the meanwhile you can create a custom container that supports Go.
A link of how to use a custom docker container with Web App for Containers:
https://docs.microsoft.com/en-us/azure/app-service/containers/quickstart-custom-docker-imageThanks,
Ahmed, App Service
- Don't see your idea?