Web Apps

Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.

More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.

Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make OData a first class citizen.

    Apparently OData (Microsoft's flagship REST data protocol) isn't fully supported.

    More info:

    https://social.msdn.microsoft.com/Forums/azure/en-US/7363e392-86d8-4b60-99fd-af98e128ab06/whats-the-odata-story?forum=AzureAPIApps

    quote
    "If you can manually create Swagger 2.0 metadata to describe your REST API, it will work perfectly."
    /quote

    Assuming it's true that swagger can't do OData, I would think that fact alone would've precluded swagger as an option.

    Additionally, whatever the reason swagger cannot create metadata for a WebAPI OData project should have been addressed before launch.

    Regardless, please fix this.

    223 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  2. Access to a populated User.Identity

    It would be very valueable to have Access to a "populated" User.Identity in the Controllers. Most of the the time, at least in my apps, my Apis will present user specific Content. Having a populated User.Identity would help alot.

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →

    Hello!

    At the moment our recommended method for checking the identity of the current user is to check several attributes added to incoming requests. This is to allow your application to go completely in and out of memory on lower priced tiers without “always-on.” Check out the tutorial below for the header names.
    https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-authentication

    We would like to have language specific auth functionality like this in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    thanks for your feedback!
    Alex
    Azure App Service Team

  3. Programmatically associating a Hybrid Connection to an Azure App Service is not possible

    I believe that there should be a capability added to Azure App Services to allow for programmatically associating existing Hybrid Connections to an App Service instance. This can be done manually via the portal as shown in the attached image but cannot be done via Powershell, Azure CLI, or Azure REST API. Any upcoming features for this? Or is this already possible but I haven't yet been able to find out how? Thank you.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  4. API Apps with AllowAnonymous

    Have a mix of authentication levels for different endpoints in the underlying Web API?

    API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.

    Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback!

    Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
    https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-active-directory-authentication#optional-configure-a-native-client-application

    We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    Thanks!
    Alex
    Azure App Service Team

  5. Web App built-on CORS header Access-Control-Max-Age

    Using the built-in CORS support in App Service for an API Web App, we can't specify header 'Access-Control-Max-Age' or any other headers besides 'Access-Control-Allow-Credentials' and 'Access-Control-Allow-Origin'.

    We would like to use the App Service built-in CORS because it's easy to manage all the different allowed origins from there, but we need to be able to set headers like 'Access-Control-Max-Age', 'Cache-Control', and 'Vary' to optimize the OPTIONS calls.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  6. Certificate Authentication

    From what I can see clients can only authenticate to API apps interactively. This, like others said, makes automated authentication difficult. It would be great to support certificate authentication, much like the Azure Management API does, i.e. https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback!

    For the time being you can use service principle auth to programmatically authenticate with an API if you are using AAD auth. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-service-principal-auth

    We would like to add general cert auth to App Service authentication/authorization in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    Thanks!
    Alex
    Azure App Service Team

  7. Add alerts/notification for Auto heal application.

    Adding alerts or notification when the there is a Proactive auto healing or Mitigation rules in the application.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add wildcard pattern support for Azure Webapp _backup.filter file

    Right now _backup.filter does not support wildcards. Therefore, if logs are being produced say with a date or time timestamp, they can not be filtered unless they are moved to a seperate folder, which is then filtered. This is not viable in all cases.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  9. Avoid default 403 when IP Restrinctions are configured on App Services

    Currently, when you configure ip restrinctions on App Services, the App Service is able to return the 403 default error page. It could be a proxy, I think. But many IT managers (clients, because I am an Azure consultant) gave me this idea.

    It could be better if our web applications does not return the 403 default page when the ip source does not in the whitelist

    This is the default 403 web page generated by Microsoft, when we have configured ip restrictions:

    Error 403 - This web app is stopped.
    The web app you have attempted to reach is…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  10. Make client certificates optional for tls mutual authentication

    We have a set of services that need to be able to support both client certificate authentication and AAD JWT authentication.

    The current behavior either makes the certificate mandatory which doesn't work for us as the same routes/apis need to support the AAD jwt token auth, or nothing at all.

    Making the certificate mandatory per route is also not useful as the same route needs to support both.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  11. Absolute path longer than 260 letters

    WebApps are currently using OS version: Microsoft Windows NT 10.0.14393.0 which supports file names longer than 260 letters. However, when trying to create an absolute path longer 260 letters, it is not allowed. Since the OS natively supports it, it may give developers a wider freedom to enable

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  12. Accessing APIs of Azure App service with SSL in MobileServiceClient(Xamarin mobile app).

    Provide some option in MobileServiceClient (Xamarin mobile app, Android and iOS) to access APIs of Azure App service with SSL.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add support incl. documentation on writing API Apps in Python and importing this API in APIM.

    Although Azure's documentation claims that Python is fully supported on Linux environments, I'm not able to use the API Management service and include for instance an Azure Function App created in Python. Is this even possible and, if yes, how?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow trigger prioritization

    I have several functions including both http and queue triggered, as well as one timer triggered, in a single function app on a multi-instance app service. I am having problems where even though there are multiple instances, some of my functions wind up waiting until the timer triggered function (which takes a few minutes) is complete before they execute. That means that instead of taking less than a second, these functions take several seconds up to minutes, depending on when they are triggered during the timer's execution. I am probably going to move the timer triggered function to its own…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base