Web Apps

Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.

More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.

Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Version data for deployed slot

    I'm using ARM template to deploy a new slot to an existing webapp, the problem is that there is no way of seeing or passing the version of the build that the slot has.

    It would be really useful to have a "Version" -field in the portal where I can pass the version data of the build so that you could easily see which slot has which build version.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. [Linux] - Set Docker Image Tag as a slot setting in Application Settings of a Web App for Containers

    When swapping between staging and production slots of a Web App for Containers, it would be really handy to have the option of keeping the tag of each image in its respective slot (e.g. image:latest for production, image:dev for staging) and not get them to swap after each slot swap.
    Imagine you setup Continuous Deployment through Dockerhub. You push code changes on GitHub, and image build is triggered and then an image pull request from Azure to Dockerhub. If a swap has preceded the above flow, then newly build images would end up in the opposite from desired deployment slots. …

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  3. Strict-Transport-Security

    With the ability now to force HTTPS, it would be nice if Strict-Transport-Security HTTP Header should also be set and knock another finding off of the security report:

    Details on The Header:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  4. PowerShell and CLI support for the management of App Service Environments

    Azure PowerShell and Azure CLI commands to support the management of an App Service Environments (at least v2). Hopefully this could include the ability to get management IP information, do scaling, and if it is an ILB ASE update the ILB Certificate.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow importing 3rd party ssl certs for use as app service certificates in app services/web apps

    Currently if I have an ssl certificate being used in multiple app services, when I renew that certificate I have to update the app services one by one or via powershell. It looks like using an app service certificate would solve this by allowing me to renew in one place and have it update each of the app services automatically. The problem being that I use 3rd party issued ssl certs vs ones created as app service certs in azure.

    Ideal would be to either allow uploading 3rd party ssl certs to be used as app service certs or offer…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable application logging in ILB ASE

    Currently there is no way to access our applications trace logs in an ILB ASE environment. I understand the Log Stream button is greyed out in the portal, but even using Kudu, FTP, blob, or streaming in VS, none of these are working in ILB ASE, and support tells us this is a known issue. This is a huge downside for us because we depend on our customized application log messages for troubleshooting.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  7. Update Web App ModSecurity module to 2.9.2

    The current version of the ModSecurity module that is integrated in the IIS of the Web App Services is 2.8.0.
    This version of ModSecurity has issues with the IP + Port formatting of the AlwaysOnline service. Please update it to 2.9.2.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add a Remove-AzureRmWebAppCertificate cmdlet

    There is no PowerShell cmdlet for Remove-AzureRmWebAppCertificate. This would be really useful to enable cleanup of old certificates that are no longer used.

    (Note: I'm aware that using Remove-AzureRmWebAppSSLBinding will clean up a certificate if it's not referenced anymore. However, in production applications we don't want to use that cmdlet when updating an SSL certificate - we instead use New-AzureRmWebAppSSLBinding to overwrite the existing binding to the new certificate. The New-AzureRmWebAppSSLBinding cmdlet doesn't clean up the unused old certificate.)

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Limit number of accepted client certificates when doing mutual TLS

    I want to be able to control the trusted issuers list sent to the web browser so that list of allowed certificates can be filtered in the browser. This was possible in IIS and with Azure Cloud Service I believe but how can we do it in a Azure web app?

    What I basically want to do is set the content of the certificate_authorities field in CertificateRequest sent by the server to the browser in the TLS handshake as stated in RFC5246.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow to start an AAD authentication express setup from an ARM template

    When enabling AAD authentication on an App service, using an ARM tempalte, you have to manually specify a clientid and clientsecret. Something like MSI: identity: "system" would be much easier. Especially from a Ci/CD perspective.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support Weibo for authentication

    Weibo is the 'twitter' of China, which is of course a large market. It would be great if Weibo was plugged into the existing Mobile Services Authentication service.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. [Linux] Allow remote debugging of .NET core apps hosted by linux app services

    It is currently not possible to remote debug .NET core applications running on Azure Linux App Services. Please consider to add remote debugging to the feature list of Linux App Services.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support sending web server logs to OMS Log Analytics workspace

    Web Server logs can currently be written to a Blob storage account. However, it would be great if the logs could be sent directly to an OMS Log Analytics workspace.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to set different machinekey for each deployment slot

    There must be a way to set different machinekey element for different deployment slots. So that user authenticated on one slot don't get authenticated on all slots.

    Currently machinekey can only be configured in web.config. and web.config gets also gets swapped when slots are swapped.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remove Weak SSL Cyphers from App Services

    App Services currently supports the following Cyphers:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002
    (Default) REG_SZ NCRYPT_SCHANNEL_INTERFACE
    Functions REG_MULTI_SZ
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256\
    0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384\
    0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256\
    0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
    \0TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\
    0TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\
    0TLS_RSA_WITH_AES_256_GCM_SHA384\
    0TLS_RSA_WITH_AES_128_GCM_SHA256\
    0TLS_RSA_WITH_AES_256_CBC_SHA256\
    0TLS_RSA_WITH_AES_128_CBC_SHA256\
    0TLS_RSA_WITH_AES_256_CBC_SHA\
    0TLS_RSA_WITH_AES_128_CBC_SHA\
    0TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384\
    0TLS_DHE_DSS_WITH_AES_256_CBC_SHA256\
    0TLS_DHE_DSS_WITH_AES_128_CBC_SHA256\
    0TLS_DHE_DSS_WITH_AES_256_CBC_SHA\
    0TLS_DHE_DSS_WITH_AES_128_CBC_SHA\
    0TLS_RSA_WITH_3DES_EDE_CBC_SHA\
    0TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\
    0TLS_RSA_WITH_RC4_128_SHA\
    0TLS_RSA_WITH_RC4_128_MD5\
    0TLS_RSA_WITH_NULL_SHA256\
    0TLS_RSA_WITH_NULL_SHA\
    0SSL_CK_RC4_128_WITH_MD5\
    0SSL_CK_DES_192_EDE3_CBC_WITH_MD5

    All Old/Weak Cyphers should be removed to increase security of the service.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable users to isolate an App Service Plan instance in order to perform offline debug

    It’s difficult to balance root causing live fails with keeping a production application running. This feature request attempts to address this by asking for a way to isolate an ASP instance in a running application.

    By isolating a misbehaving instance you can prevent it from affecting the behavior of the application overall. It can be studied for root cause without app devs or support being pressured to do this live on a production app. When debug is complete it could be terminated.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  17. [Linux] Add support to restrict IP access for Web Apps Linux / Docker

    Don't have this functionality became unfeasible use of Linux / Docker Web Apps in production environment

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  18. Azure App Service Environment ILB - Support for Internal Certificate Authorities

    Currently the documentation for Azure App Service Environment with ILB claims it supports internal certificate authorities.

    Per - https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase#post-ilb-ase-creation-validation

    As part of the documentation it is recommended that a user bundles their server auth certificate with the full certificate chain - thus producing a PFX file or base64 encoding it and uploading through powershell.

    However when testing with OpenSSL or on an iOS device, the first request never sees the full certificate chain and fails with "invalid server certificate". It is on a subsequent request the full chain is delivered - leaving users to hit refresh once in their browser…

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Offer higher memory / RAM app service plans

    I can see this has been raised before but we would really like to see plan options with higher memory. We could host about twice as many applications on the same plan if memory was increased to something like 32gb. Our apps aren't CPU intensive but need more memory, nor any more up.

    Thanks!

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Provide the IP restriction log

    The customer want to know the IPs which listed in the IP restriction(deny) try to access the app.
    Is there any possible to provide this feature ?
    thanks

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App Gallery  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base