Ian Obermiller

Part time hacker, full time dad.

Require HTTPS on Azure

Once you have configured an Azure web role with an SSL certificate and setup the port configuration in the Azure project, you may want to redirect anyone who comes to the http:// version of your page to the secured https:// version. To do so in production, add the following to your Web.Release.config:

<system.webServer>
    <rewrite xdt:Transform="Insert">
        <rules>
            <rule name="RedirectToHTTPS" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                </conditions>
                <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
            </rule>
        </rules>
    </rewrite>
</system.webServer>

Some important things to note:

  • The rewrite node has the attribute xdt:Transform="Insert", because Web.config does not contain that node, so the transform needs to know to insert it.
  • The name attribute of rule must not have spaces; the rule won’t work correctly in IIS on Azure with spaces in the name.

References

Comments

  1. Is this required if running ASP.NET MVC4, and registering the RequireHttps filter on application start?

    The code for this filter does the redirection, but it doesn’t seem to be working on my Azure Web Role. When I access any page using HTTP, I get a “Page can’t be displayed”. It seems like the site is only accessible when i type HTTPS on the url, despite having that filter registered globally.

    Comment by Thiago Silva — May 3, 2013 @ 5:32 pm

toggle comment form or trackback

Leave a Reply