Web Apps

Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.

More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.

Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable application logging in ILB ASE

    Currently there is no way to access our applications trace logs in an ILB ASE environment. I understand the Log Stream button is greyed out in the portal, but even using Kudu, FTP, blob, or streaming in VS, none of these are working in ILB ASE, and support tells us this is a known issue. This is a huge downside for us because we depend on our customized application log messages for troubleshooting.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  2. Certificate Authentication

    From what I can see clients can only authenticate to API apps interactively. This, like others said, makes automated authentication difficult. It would be great to support certificate authentication, much like the Azure Management API does, i.e. https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback!

    For the time being you can use service principle auth to programmatically authenticate with an API if you are using AAD auth. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-service-principal-auth

    We would like to add general cert auth to App Service authentication/authorization in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    Thanks!
    Alex
    Azure App Service Team

  3. [Linux] Ability to move a Web App to a different App Service plan

    Enable the 'Change App Service Plan' blade for Linux web apps in order to allow Linux apps to be moved to a different App Service plan in the way Windows apps can be moved now.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  4. Aggregated logs for Linux App Service instances

    To access logs for my Linux App Service instance i have to go to myapp.scm.azurewebsites.net/api/logs/docker and it lists all the instances i have running with a link to the log file for each node. This is cumbersome when trying to debug an issue. Could we have an option under diagnostic logs to target a storage Table and have these aggregated as one source

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  5. Limit number of accepted client certificates when doing mutual TLS

    I want to be able to control the trusted issuers list sent to the web browser so that list of allowed certificates can be filtered in the browser. This was possible in IIS and with Azure Cloud Service I believe but how can we do it in a Azure web app?

    What I basically want to do is set the content of the certificate_authorities field in CertificateRequest sent by the server to the browser in the TLS handshake as stated in RFC5246.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Slot swapping should check if cache is ready (applicationInitialization ignored)

    After we incurred some downtime in our app service due to infrastructure updates on azure storage, we implemented the local cache feature to combat this. In doing so, this meant that we had to implement slots with preview in order to warm up the cache, ensuring that it is ready to serve before swapping. In implementing this we found that we had to also implement applicationInitialization in our web config.

    Our experience shows that this configuration is being ignored. So that first applyingSlotConfig and then Slotsswap operations via powershell swaps slots without ensuring that the site is ready.

    Our suggestion…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support Weibo for authentication

    Weibo is the 'twitter' of China, which is of course a large market. It would be great if Weibo was plugged into the existing Mobile Services Authentication service.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. [Linux] Allow remote debugging of .NET core apps hosted by linux app services

    It is currently not possible to remote debug .NET core applications running on Azure Linux App Services. Please consider to add remote debugging to the feature list of Linux App Services.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable Http2 / Server push on worker instances in app service

    Now that Azure Web Apps supports Http/2 but is limited to only fAzure Front end (just like how ssl does) requests to worker should also support Http/2 to get full advantage out of it.

    Server push is not currently available on app service.
    Server push allows the server to push resources to the client ahead of time via PUSH_PROMISE

    https://developers.google.com/web/fundamentals/performance/http2/#push_promise_101

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Web App on Linux MySQL support within the web app (same as Web Apps)

    Enable MySQL within the Linux Web App, as the IIS Web Apps have.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support sending web server logs to OMS Log Analytics workspace

    Web Server logs can currently be written to a Blob storage account. However, it would be great if the logs could be sent directly to an OMS Log Analytics workspace.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to set different machinekey for each deployment slot

    There must be a way to set different machinekey element for different deployment slots. So that user authenticated on one slot don't get authenticated on all slots.

    Currently machinekey can only be configured in web.config. and web.config gets also gets swapped when slots are swapped.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Gradle plugin support on Azure App Service

    Wish to see Gradle plugin support on Azure Apps Service.
    This available plugin here -https://github.com/lenala/azure-gradle-plugins -is for testing purpose only (not recommended for production).

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. app service change

    Change App Service Plan for a Web App does not always provide existing App Service Plans that are in the same location and resource group. Apparently if the app service plan is in another "webspace" it's not available. Cloning or redeploying is time consuming. We find this very limiting. Please enhance Change App Service Plan to work across web spaces.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remove Weak SSL Cyphers from App Services

    App Services currently supports the following Cyphers:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002
    (Default) REG_SZ NCRYPT_SCHANNEL_INTERFACE
    Functions REG_MULTI_SZ
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256\
    0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384\
    0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256\
    0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256\
    0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
    \0TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\
    0TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\
    0TLS_RSA_WITH_AES_256_GCM_SHA384\
    0TLS_RSA_WITH_AES_128_GCM_SHA256\
    0TLS_RSA_WITH_AES_256_CBC_SHA256\
    0TLS_RSA_WITH_AES_128_CBC_SHA256\
    0TLS_RSA_WITH_AES_256_CBC_SHA\
    0TLS_RSA_WITH_AES_128_CBC_SHA\
    0TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256\
    0TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384\
    0TLS_DHE_DSS_WITH_AES_256_CBC_SHA256\
    0TLS_DHE_DSS_WITH_AES_128_CBC_SHA256\
    0TLS_DHE_DSS_WITH_AES_256_CBC_SHA\
    0TLS_DHE_DSS_WITH_AES_128_CBC_SHA\
    0TLS_RSA_WITH_3DES_EDE_CBC_SHA\
    0TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\
    0TLS_RSA_WITH_RC4_128_SHA\
    0TLS_RSA_WITH_RC4_128_MD5\
    0TLS_RSA_WITH_NULL_SHA256\
    0TLS_RSA_WITH_NULL_SHA\
    0SSL_CK_RC4_128_WITH_MD5\
    0SSL_CK_DES_192_EDE3_CBC_WITH_MD5

    All Old/Weak Cyphers should be removed to increase security of the service.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Update Web App ModSecurity module to 2.9.2

    The current version of the ModSecurity module that is integrated in the IIS of the Web App Services is 2.8.0.
    This version of ModSecurity has issues with the IP + Port formatting of the AlwaysOnline service. Please update it to 2.9.2.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add a Remove-AzureRmWebAppCertificate cmdlet

    There is no PowerShell cmdlet for Remove-AzureRmWebAppCertificate. This would be really useful to enable cleanup of old certificates that are no longer used.

    (Note: I'm aware that using Remove-AzureRmWebAppSSLBinding will clean up a certificate if it's not referenced anymore. However, in production applications we don't want to use that cmdlet when updating an SSL certificate - we instead use New-AzureRmWebAppSSLBinding to overwrite the existing binding to the new certificate. The New-AzureRmWebAppSSLBinding cmdlet doesn't clean up the unused old certificate.)

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add alerts/notification for Auto heal application.

    Adding alerts or notification when the there is a Proactive auto healing or Mitigation rules in the application.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  19. Use actual endpoint testing for custom domains rather than checking CNAME value

    Our domain is “example-domain.com”. Let’s say I’m trying to set up an App Service called “booking-service”, which will be assigned the default URL of “booking-service.azurewebsites.net”. At the *end* of this whole process, I want to have an App Service in Azure responding to the hostname “booking-service.example-domain.com”, sitting behind our CDN (Cloudflare).

    The failing path:
    Step 1: I create the App Service in Azure. This generates the “booking-service.azurewebsites.net” URL.
    Step 2: I create the CNAME “booking-service.example-domain.com” on Cloudflare’s control panel pointing to “booking-service.azurewebsites.net”, leaving the proxy/CDN/IP-hiding feature *enabled*. While in their control panel, we select the “CNAME” record type, however in…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Install odbc driver in Python Stack images

    I created a new Web app with Python 3.7 runtime. I created and deployed a python script, using pyodbc.
    A query on my Azure SQL database results in an error that it can not find the drivers to connect to Microsoft Sql Server:

    2018-11-12T15:37:56.956170588Z File "/home/site/wwwroot/apps/download.py", line 7, in <module>
    2018-11-12T15:37:56.956174588Z import pyodbc
    2018-11-12T15:37:56.956178388Z ImportError: libodbc.so.2: cannot open shared object file: No such file or directory

    Is it possible to have this driver in the Python Runtime Web app?

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base