Question

Photo of Jez Hailwood

0

Enforcing HTTPS on Azure

2

I've secured our internal and external sites with an SSL certificate, but I'd like to enforce HTTPS on Azure. I'm looking at http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/#bkmk_enforce, but being new to .NET I'm not sure which approach I'm supposed to take. I have a few questions:

  1. Assuming I'm supposed to edit web.config, will my rules be overwritten by a future update?
  2. How do I format rules to handle both my internal and external URLs?
  3. <system.webServer> appears twice in web.config, but which is the correct location for the rewrite rules?

Thanks!

  • Photo of Kelley Langkamp

    1

    I can't answer the question about the rule being overwritten. I'll leave that for one of the devs.

    For my Azure install, I used the IIS rewrite rule from http://blog.smarx.com/posts/redirecting-to-https-in-windows-azure-two-methods. I simply added another <system.webServer> section to my web.config file. Using that rule worked for both my internal and external URLs. If you copy/paste his rule into it's own section, make sure to add the closing </syste.webServer>. I didn't realize it was missing and everything broke...

    • Jez Hailwood

      Jez Hailwood

      Thanks for this. Inspired by your answer, I applied the URL rewrite example from the Azure docs (within the existing <system.webServer> section) and it all works a treat!

    • Photo of David Turner

      0

      The web.config does not get overwritten during an update. The update "transforms" the web.config file to apply any needed changes.