Web Apps

Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.

More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.

Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. API Apps with AllowAnonymous

    Have a mix of authentication levels for different endpoints in the underlying Web API?

    API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.

    Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback!

    Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
    https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-active-directory-authentication#optional-configure-a-native-client-application

    We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    Thanks!
    Alex
    Azure App Service Team

  2. Allow to NGEN an Azure Web App

    When deploying an Azure Web App, allow to NGEN some DLLs like EntityFramework to save on startup time. Currently, this requires administrator rights to which we don't have access. Even better would be to automatically NGEN it after a deployment.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Gallery  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable AAD Authentication for Multi-container Apps

    A common (if not best) practice is to compose applications of multiple containers for the sake of separation of concerns. However, Azure doesn't support authentication with Azure Active Directory for multi-container apps. Until this is in place, we can't deploy our applications to Azure in a clean way.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
  4. Option to block TOR traffic from Azure WebSites

    Looking through my web logs, most traffice coming from TOR is unfortunately only used for trying to hack my site.
    Blocking TOR traffic is not trivial, since you must compare the IP to the long list of TOR exit servers.
    For websites that are really not used by e.g. dissidents it would be great to have a simple option to block it on Azure WebSites.

    Something like "Allow TOR traffice" On/Off

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. [Linux] - Set Docker Image Tag as a slot setting in Application Settings of a Web App for Containers

    When swapping between staging and production slots of a Web App for Containers, it would be really handy to have the option of keeping the tag of each image in its respective slot (e.g. image:latest for production, image:dev for staging) and not get them to swap after each slot swap.
    Imagine you setup Continuous Deployment through Dockerhub. You push code changes on GitHub, and image build is triggered and then an image pull request from Azure to Dockerhub. If a swap has preceded the above flow, then newly build images would end up in the opposite from desired deployment slots. …

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  6. Slot swapping should check if cache is ready (applicationInitialization ignored)

    After we incurred some downtime in our app service due to infrastructure updates on azure storage, we implemented the local cache feature to combat this. In doing so, this meant that we had to implement slots with preview in order to warm up the cache, ensuring that it is ready to serve before swapping. In implementing this we found that we had to also implement applicationInitialization in our web config.

    Our experience shows that this configuration is being ignored. So that first applyingSlotConfig and then Slotsswap operations via powershell swaps slots without ensuring that the site is ready.

    Our suggestion…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Make it possible to deploy WebApp using custom domain and App Service managed certificate in one deployment

    Currently it is not possible to provision a new Microsoft.Web/sites resource using custom domain and App Service managed certificate using one deployment operation. This is because of cyclic dependency between Microsoft.Web/sites/hostNameBindings and Microsoft.Web/certificates resources. This is pretty confusing and inconvenient.

    The sequence of operation ARM needs to perform is as below:


    • create Microsoft.Web/sites resource

    • create Microsoft.Web/sites/hostNameBindings (without binding an SSL certificate because it does not yet exist) to link custom domain name to the Web App

    • create Microsoft.Web/certificates resource to issue a managed certificate for the custom domain (this requires custom domain to be linked)

    • now need to update existing …
    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Deployment  ·  Flag idea as inappropriate…  ·  Admin →
  8. See the number of outbound tcp connections (OpenSocketCount) and the count for each web app within a particular app service plan.

    See the number of outbound tcp connections (OpenSocketCount) for each web app within a particular app service plan. I have had issues were all web apps in that service plan were failing when accessing sql server or service bus relay (anything that needs an outgoing tcp connection) because the number of open tcp connections exceeded the plan limit. I had to request the information from support to figure out what web apps had the majority of the open sockets.

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Limit number of accepted client certificates when doing mutual TLS

    I want to be able to control the trusted issuers list sent to the web browser so that list of allowed certificates can be filtered in the browser. This was possible in IIS and with Azure Cloud Service I believe but how can we do it in a Azure web app?

    What I basically want to do is set the content of the certificate_authorities field in CertificateRequest sent by the server to the browser in the TLS handshake as stated in RFC5246.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Rewriting to /public is absolutely not the right way to change the document root

    After doing some reading, I'm seeing Azure actually suggesting to people running Laravel (and any others that don't host out of the root project structure) applications to use mod_rewrite to rewrite requests to point to "/public".

    This is an absolutely ridiculous suggestion and is effectively some of the worst advice you could give. Forcing people to have "/public" in their URL structure because you guys didn't take the time to research the bare-minimum configuration options for your offering is not in any way acceptable.

    I suggest you urgently add support for the ability to configure the document root. Not only…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Linux  ·  Flag idea as inappropriate…  ·  Admin →
  11. 31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Display slots should list their full name in the resource lists.

    When you are viewing resources in the "All Resources" blade or in the "Resource Group" blade all slots are just listed using only their slot name, if you have many different web apps that all use slots you will see the same name repeated several times (see "Example Resource Group.PNG").

    I suggest you display the name from the resources blade the same way you display it in the delete menu if you are deleting the base web app "BaseName-SlotName" (See "delete example.PNG")

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  13. event log history

    We've had the issue where to diagnose a problem we've needed support to check the historical event logs to see that there was an error throwing, however, as the errors were sporadic, it's been exceedingly difficult to diagnose until support were able to trace exceptions thrown in historical event logs and we were then able to implement code fixes.

    Can a history of event logs be made available for us to access? Even going back a week or two would have been exceedingly useful!

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Diagnostics  ·  Flag idea as inappropriate…  ·  Admin →
  14. minWorkerThreads : But it was difficult to determine this value

    We managed to resolve the “Poor Performance”, but we had to do a lot of reading, it was good that the profiler pointed us in the right direction suggesting to set this value MinWorkerThread
    • This request is spending time waiting in the CLR Thread pool queue. This has happen if there is a burst load of requests coming to the process or if there is HIGH CPU on the overall instance.
    • Recommendations : Increase minWorkerThreads setting if your application is getting burst load of requests.

    But it was difficult to determine this value.

    The following Very old link…

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add feedback on the Portal on Automatic Swaps

    When we configure a staging slot with Continuous Deployment and Auto-Swap we need some sort of visual feedback to know when the swap was done. Right now what we see is that the Active Deployment of the staging slot changes to the previous deploy checkpoint and that's how we know it swapped.
    It would be great if on the production slot we could get at least some sort of message saying the current Active Deployment that was swapped or at least some sort of visual aid.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Manage HTTP Headers for Azure static website

    There doesn't seem to be a clear and defined way to manage HTTP headers with an Azure static website. I know this feature is still in preview but my team and I are attempting to make this into a production ready web application.

    I think most people utilizing the static website feature will be using javascript frameworks like Reactjs or Angular. Since there isnt a web.config to manage http headers it becomes unclear on how to approach this. The headers in question are Content Security Policy, X-Content-Type-Options, and X-XSS-Protection.

    Thanks!

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Supportability  ·  Flag idea as inappropriate…  ·  Admin →
  17. Hybrid Connection settings lost on slot creation but included in slot swap

    Summary:
    When creating a new slot for an existing Web App, the Hybrid Connections are not copied to the created slot despite 'Configuration Source' being set to the production app, which has Hybrid Connections configured.

    This is a problem because slot swap operations DO include the Hybrid Connection configurations. Therefore in order to deploy using a new staging slot, one must reconfigure the Hybrid Connections each time before doing the final swap into production.

    Our particular use-case is that we are setting up an automated deployment process and would like the process to first recreate the staging slot by deleting…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
  18. Avoid default 403 when IP Restrinctions are configured on App Services

    Currently, when you configure ip restrinctions on App Services, the App Service is able to return the 403 default error page. It could be a proxy, I think. But many IT managers (clients, because I am an Azure consultant) gave me this idea.

    It could be better if our web applications does not return the 403 default page when the ip source does not in the whitelist

    This is the default 403 web page generated by Microsoft, when we have configured ip restrictions:

    Error 403 - This web app is stopped.
    The web app you have attempted to reach is…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API Apps  ·  Flag idea as inappropriate…  ·  Admin →
  19. Strict-Transport-Security

    With the ability now to force HTTPS, it would be nice if Strict-Transport-Security HTTP Header should also be set and knock another finding off of the security report:

    Details on The Header:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add app service auto-healing history as a metric in Azure monitor.

    Add app service auto-healing history as a metric in Azure monitor.
    For now we can only see the history in diagnostics tools and it is hare to export.
    The similar request:
    https://feedback.azure.com/forums/169385-web-apps/suggestions/37375714-add-alerts-notification-for-auto-heal-application

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Diagnostics  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base