Ian Obermiller

Part time hacker, full time dad.

Require HTTPS on Azure

Posted 2012-07-20

Once you have configured an Azure web role with an SSL certificate and setup the port configuration in the Azure project, you may want to redirect anyone who comes to the http:// version of your page to the secured https:// version. To do so in production, add the following to your Web.Release.config:

<system.webServer>
    <rewrite xdt:Transform="Insert">
        <rules>
            <rule name="RedirectToHTTPS" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                </conditions>
                <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
            </rule>
        </rules>
    </rewrite>
</system.webServer>

Some important things to note:

  • The rewrite node has the attribute xdt:Transform="Insert", because Web.config does not contain that node, so the transform needs to know to insert it.
  • The name attribute of rule must not have spaces; the rule won't work correctly in IIS on Azure with spaces in the name.

References