Web Apps

Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.

More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.

Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Send shutdown HTTP request for graceful termination

    There is no way to gracefully shutdown a Node Windows App Service. It would be great if iisnode sent a shutdown/cooldown request, just like it sends a warmup request (https://michaelcandido.com/app-service-warm-up-demystified/). This would allow us to close DB connections and stop processing Azure Service Bus messages, for example.

    54 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Deleting an IP restriction for a Subnet that no longer exists returns an exception and changes are applied

    When a subnet that is included as an IP restriction in the IP Restriction list for an Azure Function App is deleted, and then the IP restriction is deleted from the list of restrictions, the API returns an exception, although changes are applied (as expected).
    Suggestion is to improve the response of the API in such cases so no false exceptions are returned.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add alternate validation methods for App Services Managed Certificates

    Please create an alternate method of validation for creating an App Services Managed Certificate. We use CloudFlare in front of our App Services, so the CNAME points to CloudFlare and not Azure. Consequently, validation fails. A preferable alternate solution would be to check if the domain the cert if being requested for is already a custom domain in the web app. If it is, since it you have already been validated as the owner of that domain, it should suffice for an app services managed cert. If you can't do that, then use a DNS TXT record for verification.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support for deploying R Shiny App to Azure Web App Container

    What I’m looking for is a guide/tutorial/dockerfile on how to accomplish deploying a shiny app to Azure Web Apps (a tutorial for Flask already exists https://docs.microsoft.com/en-us/azure/app-service/containers/quickstart-python). I think this would be a great addition to the App Service Linux lineup, since Shiny (https://shiny.rstudio.com/) is very popular. A somewhat similar solution exists here https://www.shinyproxy.io/.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Diagnostics  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow a large organization to pre-validate custom domains/subdomains for ALL app services.

    As a large organization it is very painful and slow to have to request a TXT DNS record be created for every single web app our developers need to create just to validate a subdomain we've already validated several times.

    If I own
    *.thisdomain.com
    I should not have to validate
    subdomain.thisdomain.com
    OR when using path based:
    thisdomain.com/path/
    on our web applications in our subscriptions/tenant.

    This is of primary concern because we host all web apps behind our application gateways and so users never use the domain to directly access the web application but the apps need to "think" they are…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Upgrade CPUs in Azure App Service Premium Tier

    Currently the "Premium" tier on App Service offers this three options:

    P1: 1VCore DSV2
    P2: 2VCores DSv2
    P3: 4VCores DSv2

    I wouldn't call this a premium tier now that we are getting into 2020...

    App service is one of the most useful services offered in Azure and it really needs an upgrade.

    Amazon's Beanstalk does not have such limitations.

    I would suggest that to upgrade the hardware/resources of the Premium tier to at least:

    P1: 2 VCores
    P2: 4 VCores
    P3: 8 VCores

    The processors model should be upgraded as well to use DSv3 or even better the F series.

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create Function level Keys for Azure Functions in ARM template

    ARM templates currently allow to create functionKeys on host level as:

    {
    
    "type": "Microsoft.Web/sites/host/functionKeys",
    "apiVersion": "2018-11-01",
    "name": "[concat(parameters('appServiceName'), '/default/MyFunctionKey')]",
    "properties": {
    "name": "MyFunctionKey"
    }
    }

    Which is great, but does not allow a very granular level of security.
    It is possible to create FunctionKeys on Function level through the admin API (/admin/functions/$($function.functionName)/keys) but not via ARM template.

    Ideally I would like to be able to do the following in my ARM template:

    {

      "type": "Microsoft.Web/sites/functions/functionKeys",
    
    "apiVersion": "2018-11-01",
    "name": "[concat(parameters('appServiceName'), '/MYFUNCTIONNAME/MyFunctionKey')]",
    "properties": {
    "name": "MyFunctionKey"
    }
    }

    I do understand the main difficulty is that the function is most likely created…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  8. App Service Sertificate does not issue cert when web app is deployed on linux app service plan

    App Service Sertificate does not issue cert when web app is deployed on linux app service plan

    48 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
  9. Providing alerting mechanism for ASE goes unhealthy

    Current ASE options for alerting does not have any an option to alert and monitor unhealthy ASE, We need this option to proactively monitor ASE's
    Alerting and monitoring application is very much essential for running any application on production basis. Recently we have come-across situation where our ASE got suspended because it was unhealthy, upon checking with Microsoft support they have said currently there is no alert rule for Unhealthy ASE at the moment.

    And also, existing alerts are unable to send data to the backend systems, hence unable to generate any alerts as well.

    As an enterprise product Microsoft…

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  10. event log history

    We've had the issue where to diagnose a problem we've needed support to check the historical event logs to see that there was an error throwing, however, as the errors were sporadic, it's been exceedingly difficult to diagnose until support were able to trace exceptions thrown in historical event logs and we were then able to implement code fixes.

    Can a history of event logs be made available for us to access? Even going back a week or two would have been exceedingly useful!

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Diagnostics  ·  Flag idea as inappropriate…  ·  Admin →
  11. Scope down permissions required for app service "Backup Configuration" blade

    Right now the app service "Backup Configuration" blade in the Azure portal requires a few permissions to load. Specifically, sites/read, sites/backup/config/write, sites/backup/action, sites/backup/write, and sites/config/connectionStrings/list/action.

    sites/config/connectionStrings/list/action is not an exposed permission and is nonassignable in a custom role.

    Please scope down permissions required in the "Backup Configuration" blade to leave out this nonassignable permission and achieve parity with backup configuration via REST API, CLI, PowerShell, etc.

    Alternatively, make Microsoft.web/sites/config/connectionStrings/list/action assignable to a custom role.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. After migrating the .NET Core webapp project from .net core 2.2 to 3.1 it cannot establish a socket connection with a remote VM-based app in

    We have a .NET Core web application deployed as an Azure App Service that we recently migrated from .NET Core 2.2 to .NET Core 3.1. The application makes remote API calls to a private service hosted on an Azure VM over a private IP connected with VNet Integration. There have been no changes to the application code networking layer, and we have verified all firewall rules are set to permit traffic from the App Service. The .NET Core 2.2-based deployment slots connect to the same VM (over private IP) with the same API service and the same VNet without issue.…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
  13. Create documentation on how to create a PFX file for App Service

    There is no documentation on how to create a PFX file for App Service.
    Many people want official Microsoft documentation on the process.
    Could you create documentation on how to create a PFX file for App Service?
    Please consider our proposal.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Connecting WebApp Service and a DBaaS (MS SQL MySQL etc)PaaS through a VNet service

    Connecting WebApp Service and a DBaaS (MS SQL MySQL etc)PaaS through a VNet service. We understand that there is a SNAT limitation when a webapp service is connected to a PaaS service that causes error in the application.
    We need private endpoint for DB PaaS services for overcoming the SNAT limitation and also to reduce the latency while connected through private IP address.

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Supportability  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add support for xgboost in standard Flask python app container

    When trying to deploy a python app using Flask for an API on Azure Web Apps, if the dependency of xgboost is included errors occur during the build.

    For example, if the following is application.py:
    import xgboost as xgb
    import pandas as pd
    from flask import Flask
    from flask import request, jsonify
    import numpy as np
    import pickle as p
    #
    app = Flask(name)
    modelfile = 'prodmodelxgboost.pkl'
    model = p.load(open(modelfile, 'rb'))
    #
    @app.route('/api/', methods=['POST'])
    def makecalc():

    data = request.get_json()
    
    data = pd.DataFrame.from_dict(data, orient = 'index').transpose()
    data = np.reshape(data, (1, -1))
    prediction = np.array2string(model.predict(data))
    return jsonify(prediction)

    #

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow tag based whitelisting of Microsoft Azure Services on App Service

    Please add the option of allowing the AppServices to Whitelist Azure Services by their Tags, just like in Application Gateway. There are cases where it is really helpful, like to the users of APIM Consumption Tier. Since there can be no dedicated IP to whitelist a Consumption Tier APIM instance, an entire bunch of Datacenter IPs needs to be whitelisted to prevent direct access to an API running on App Service. I just whitelisted like 161 IPs yesterday for North Central US region.

    I have 8 App Service per environment, which host my APIs per environment and I have 3…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Provide private dns zone support for app services

    If I add a cname record to a private dns zone called "testdns.com" - for example app1.testdns.com -> app1.azurewebsite.net

    Then I would like to add a custom domain name to my app service "app1" for that custom domain. Currently this does not work.

    However this does work if I add the dns record to a public dns zone.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make it possible to deploy WebApp using custom domain and App Service managed certificate in one deployment

    Currently it is not possible to provision a new Microsoft.Web/sites resource using custom domain and App Service managed certificate using one deployment operation. This is because of cyclic dependency between Microsoft.Web/sites/hostNameBindings and Microsoft.Web/certificates resources. This is pretty confusing and inconvenient.

    The sequence of operation ARM needs to perform is as below:


    • create Microsoft.Web/sites resource

    • create Microsoft.Web/sites/hostNameBindings (without binding an SSL certificate because it does not yet exist) to link custom domain name to the Web App

    • create Microsoft.Web/certificates resource to issue a managed certificate for the custom domain (this requires custom domain to be linked)

    • now need to update existing …
    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  19. URL hijacking

    If somebody hijacks an app service by replicating its name, the forceful deletion of the bogus app service should be carried out immediately and with a minimum of bureocracy involved.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Scale Out wait for WarmUp complete before being added to LoadBalancer

    When adding new instances to the LoadBalancer, scale out mechanism doesn't wait for those application instances to fully warm up.

    Availability checker, via AppInsights, logs these responses, with the header:
    'X-AppInit-WarmingUp: 1'

    Which means that IIS knows that the application is in it's WarmUp cycle, but the LoadBalancer is already trying to serve requests.

    N.B. we can add a rewrite rule to redirect the user to the original request, and hope that the LoadBalancer sends the user to a ready instance - but this feels like a hack.

    465 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    22 comments  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base