Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want…
692 votesStill no news to share, just to add that we are investigating options on modifications for the App Service multi-tenant offering with enhanced capabilities.
Thanks,
Oded -
Enable users to create custom error pages for 403 and 503 service unavailable messages
Currently 503 errors (service unavailable) present a blank white page with "service unavailable" to the users which is far from professional for us. It would be far better if we could provide a custom 503 page which would include a logo etc., and some text along the lines of "We apologise for the inconvenience, we are working on it. These issues usually resolve in about five minutes. please contact support for further help if required." or something similar.... This error might be caused by Azure network issues, so away from the web app instance.
It would also be helpful if…
582 votesWe may be adding 500 error messages to the App Service Environment capabilities, though we don’t have a timeline right now. We don’t have a way to add this to the multi tenant world.
Thanks,
Oded -
Add button to copy Prod to Staging slot instead of swap
When we deploy by using 'swap' the deployment slot will have an old version of the website. Since we want to use the deployment slot as a staging website, it would be great if we could copy the primary website to a deployment slot, without performing a swap.
453 votesThanks Bart! We are looking at some new workflows in this area. Would you be open to discussing this with us? Please mail me at Nir.Mashkowski@microsoft.com
-
Add url-based probe health checks to Web Apps
When I spin up multiple instances of a Web App, and one of them goes unhealthy in the sense that it starts throwing HTTP 500 errors, I'd like the load balancer to take it out of the load, ideally by using load balancer probing.
This is achieved through WebRoles as detailed here: https://msdn.microsoft.com/library/azure/jj151530.aspx, but this functionality is not available in Web Apps. It would really help soften the blow of instance-based outages.
441 votesHi all,
Still no updates here. It’s definitely on our roadmap and we’re looking to support but this is not near-term.
Thanks,
Oded -
Improve Java site deployments
Deploying a Java application to Azure for the first time is not bad, but incremental updates are very painful. The basic functionality works, but it involved multiple steps that really shouldn't be there.
1. Every time that you want to deploy a WAR file, you have to delete the application's exploded directory (ROOT, for example). In order to do this properly, you have to stop the server first. You should be able to simply replace the WAR file (ROOT.war, for example), and have Tomcat take care of updating the application. If you have an application that is large or has…
437 votesThere are a number of bumps with how we enable publishing for Tomcat and Jetty. The system we have is pretty open ended as it allows you to drop in nearly any Java application. Unfortunately the side effect is that the more PaaS like experiences that are reasonably expected with the built in Tomcat/Jetty are subject to the bumps when publishing to Tomcat/Jetty that is configured with the war autoload capability. Long story short, there are work items that we are looking at to make this better when using the built in Tomcat and Jetty.
Christina -
Web App should use private IP in a VNet with Service Endpoints
Remove the limitation that prevents us from using Web Apps with Service Endpoints to limit access to Azure SQL database.
Limitation is described here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview?toc=%2fazure%2fvirtual-network%2ftoc.json#limitations
"•A Web App can be mapped to a private IP in a VNet/subnet. Even if service endpoints are turned ON from the given VNet/subnet, connections from the Web App to the server will have an Azure public IP source, not a VNet/subnet source. To enable connectivity from a Web App to a server that has VNet firewall rules, you must Allow all Azure services on the server."366 votesHi all,
We are currently working on items that will enable service endpoints for multi-tenant App service. We will share the news of the features we deliver on the App Service Blog here: aka.ms/AppServiceBlog.
We also expect to speak about this topic at the Ignite conference in September in Orlando.
Thanks,
Oded -
Support Double Wildcard Custom Domains
For multi-tenant applications, we require the ability for Azure to support double wildcard custom domains.
Single wildcard custom domains are currently well supported, i.e.
*.mydomain.com
catches all unmapped, single subdomain urls e.g. level1ex.mydomain.com, level2ex.mydomain.com etc
The issue (which isn't documented: see forum post below) is that secondary level wildcards are not supported at all by Azure:
e.g. www.level2.mydomain.com will result in a 404 error.
Why is this important? in a multi tenant environment, with lots of customers on different subdomains, it is best from an end-user perspective to support a www. subdomain prefix, as that's what 99% of non-technerati do…
366 votesthis feature has been postponed as it wouldn’t be complete and might be revisited later if standards/supported features by CAs and browsers change (double wildcard certificates are not supported standard, resulting in no way to secure double wildcard domain)
-
Enable 'client certificate authentication' per directory
I have a site that only part of it needs to be secured with client certificate authentication, it is able to be enabled on the site level but not the directory level as per this article.
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-configure-tls-mutual-auth
321 votesHi,
thanks for the feedback. This is not currently possible as client cert auth on App Service is in require mode and as such cannot be delegated to folder level.We will review this item and your feedback, we may look to implement this capability based on customer prioritization.
Thanks
Andrew
-
Provide .NET language packs on Web Apps
I'm working on a website that uses System.ComponentModel.DataAnnotations
On my local machine, model validation messages are displayed in french but they are in english when I deploy the website to Azure.
Please install .NET language packs on Azure Web Apps so we don't have to create .resx files and messy code to override .NET built-in messages...
308 votesHi there,
We are still waiting on a few internal dependencies before we can complete this request.
Thanks,
Oded -
Make OData a first class citizen.
Apparently OData (Microsoft's flagship REST data protocol) isn't fully supported.
More info:
quote
"If you can manually create Swagger 2.0 metadata to describe your REST API, it will work perfectly."
/quoteAssuming it's true that swagger can't do OData, I would think that fact alone would've precluded swagger as an option.
Additionally, whatever the reason swagger cannot create metadata for a WebAPI OData project should have been addressed before launch.
Regardless, please fix this.
199 votesThank you for your feedback!
We would like to add more robust OData support. I am placing this item in “unplanned” to be used in future planning sessions.
Alex
Azure App Service Team -
Add ability to use API Key authentication
It would be nice to be able to protect API apps with a set of API Keys instead of requiring a user to manually log in. This would be especially helpful for backend APIs that don't require user authorization or are accessed primarily by other servers.
198 votesThank you for your feedback!
We would like to add API Key support to App Service authentication/authorization. I am placing this item in “unplanned” to be used in future planning sessions.
Alex
Azure App Service Team -
Add a web hook to get notified of completed auto-swaps
Deployment slots with the auto-swap feature are useful to warm up the application before making it visible. Unfortunately, it is not possible to get feedback from the operation.
It would be nice to have a web hook that is invoked with the result of the operation (success/failure).
194 votesThank you Dani, we are reviewing this idea.
Daria, App Service
-
Antimalware feature on Web Apps (App Service)
Cloud Services and Virtual Machines have an antimalware feature to protect themselves from viruses.
However, Web Apps only protects their platform, and there is no customer-facing antimalware service now.
If we develop an application which receives files from anonymous users with an upload form, we can't detect and get rid of the viruses.
We strongly request the antimalware feature like that Cloud Services and Virtual Machines do.187 votesThere are no near term plans to provide this functionality. However we will keep it under review for periodic re-evaluation in the future.
Thank you,
Azure App Service Team -
Add azure commandlets
There is a possibility to run windows powershell scripts in Azure websites but if developers were able to run the Azure powershell commandlets they can unlock the Power of Azure powershell!
167 votesThanks! This is a good ask. We are looking into whether it can be implemented.
-
Online Certificate Status Protocol (OCSP) Stapling
We are seeing some delays in Time To First Byte because OCSP stapling is not active on Azure Web Apps SSL endpoints.
This causes our clients' browsers to call the issuing CA's endpoint before SSL negotiation can really begin.Stapling would save the client browser from having to make an extra request to the CA checking if the certificate has been revoked.
There is also a potential privacy issue for our clients that the CA will be able to log these requests. If the web server takes care of OCSP on the other hand no requests will be sent from…
153 votesMoving back to active status as Jenny reviews the item.
-
Ability to suspend App Service Plans without charge
To save on costs, we want the ability to shut down an App Service Plan overnight while nobody is using it. We can shut down the Web App itself in an automated fashion, but the App Service Plan still charges us even through there are no running instances. Deleting and rebuilding the App Service and the App Service Plan is an option, but it is messy. Please consider not charging for periods where there are no running resources attached to the App Service Plan.
150 votesWe are leaving this idea open, though in the meantime note that you can scale down the App Service Plan to the free or shared tier to reduce costs.
-
Support optional client certificates for TLS mutual auth
Client certificat optional
In IIS the client certificat may be:
- ignored
- accepted (certificat optional)
- asked (certificat mandatory)But on app service it can't be "accepted".
130 votesI would like to discuss this feature request a bit more. Please respond in the comments section.
-
Add Application Initialization Support for Scale Up/Down
The application initialization/warmup feature works great when scaling out/in, but when scaling up/down requests are immediately routed to the new instances before the application is warmed up. It would be great if the new instances could be warmed up before rerouting requests to them.
113 votesPlacing under review per Ruslan’s comments. We don’t have a timeline to share, but we will update the item once there is more information available.
Thanks,
Oded -
Make Application Gateway WAF services available for non-ASE App Service plans
The Application Gateway and specifically WAF are useful even for simpler apps because of the OWASP and general security protections afforded.
App Service Environments are extremely costly compared to a loaded Standard S1 or Premium P1 App Service plan and the Application Gateway/WAF cannot be used without the ASE.
While there are WAF solutions provided by 3rd parties it would be great if the Azure solution used for ASE's was also available for standard App Service plans.
Thanks
112 votesWe are still working on a few features which we hope to announce in a few months.
@Peter – We will not providing the WAF capabilities directly to Web Apps.
-
Allow Azure App Service IP Restriction configuration by PowerShell Script
At the moment an Azure App service has the ability to white list IP addresses through the Networking > IP Restriction blade. It would be useful if this could be configured through PowerShell.
106 votesThe option to manage your restrictions through PowerShell is on its way and the docs and being written to explain how to do this. We’ll update when the docs are out.
Thanks,
Oded
- Don't see your idea?