terfdaq

Reputation: 100

Azure Cloud Service with SSL on Sub-Domain

I have an Azure Cloud Service set up as follows:

<Sites>
  <Site name="Web" physicalDirectory="../SampleWebsite/">
    <Bindings>
      <Binding name="HttpIn" endpointName="HttpIn" />
    </Bindings>
  </Site>
  <Site name="Admin" physicalDirectory="../SampleWebsite/Admin">
    <VirtualApplication name="Admin" physicalDirectory="../SampleWebsite/Admin" />
    <Bindings>
      <Binding name="HttpsIn" endpointName="HttpsIn"/>
    </Bindings>
  </Site>
</Sites>
<Endpoints>
  <InputEndpoint name="HttpIn" protocol="http" port="80" />
  <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="www.domain.com" />
</Endpoints>
<Certificates>
  <Certificate name="www.domain.com" storeLocation="LocalMachine" storeName="My" />
</Certificates>

I am trying to require SSL for the https://www.domain.com/Admin directory. However, this configuration allows connection to this URL without SSL. Is there a way to require SSL on a sub-directory in Azure?

Upvotes: 2

Views: 681

Answers (2)

viperguynaz

Reputation: 12174

Use breischi's answer if you are using MVC and implement the [RequiresSSL] attribute for any controller and/or action you want to force through SSL. Otherwise, you could also use Url Rewrite to accomplish the task (add rule to web.config):

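<rule name="Force HTTPS" enabled="true">
    <!-- The match input is the request path without its leading slash, and IIS
         treats paths case-insensitively, so anchor on "Admin/" and ignore case. -->
    <match url="^Admin/(.*)$" ignoreCase="true" />
    <conditions>
        <!-- {HTTPS} is "off" when the request arrived over plain HTTP. -->
        <add input="{HTTPS}" pattern="off" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/Admin/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>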

Upvotes: 2

Brian Reischl

Reputation: 7356

If /SampleWebsite/ has all the code for the /Admin/ subdirectory, I don't think there's a way to prevent users from connecting to it with HTTP. I think you have a couple of options here:

  1. Enforce HTTPS at the application level. There are a lot of ways to do that, depending on how your application is organized. For instance, if you're using ASP.NET MVC, here's an option. You could also roll your own solution using code in the Global.asax handler, or using an HttpModule, or any number of other ways.
  2. Split out the /Admin/ subdirectory into its own separate site. Make sure the site being served on HTTP doesn't have any of the code for the /Admin/ site - then there's no way it can serve that content. Set up a separate site in the .csdef, which you've already pretty much done, to serve the /Admin/ site.

Upvotes: 1
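
One way to enforce HTTPS at the application level with an HttpModule, as the first option above suggests. This is an added example, not code from either answer; the class name `RequireHttpsForAdminModule` and the `/Admin` prefix constant are assumptions based on the question's layout.

```csharp
using System;
using System.Web;

// Hypothetical module name; register it in web.config under
// <system.webServer><modules> so it runs for every request to the HTTP site.
public sealed class RequireHttpsForAdminModule : IHttpModule
{
    // Assumed protected prefix, taken from the question's /Admin directory.
    private const string ProtectedPrefix = "/Admin";

    public void Init(HttpApplication application)
    {
        application.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var context = ((HttpApplication)sender).Context;
        var request = context.Request;
        if (request.IsSecureConnection || !IsProtected(request.Path)) return;

        // A non-GET request over HTTP has already sent its body in clear text,
        // so refuse it rather than redirecting and silently accepting the habit.
        if (request.HttpMethod != "GET" && request.HttpMethod != "HEAD")
        {
            context.Response.StatusCode = 403;
            context.ApplicationInstance.CompleteRequest();
            return;
        }

        // Rebuild the URL on the default HTTPS port, keeping path and query string.
        var target = "https://" + request.Url.Host + request.RawUrl;
        context.Response.RedirectPermanent(target, endResponse: false);
        context.ApplicationInstance.CompleteRequest();
    }

    // IIS treats paths case-insensitively, so /admin and /ADMIN/x must match,
    // while a sibling such as /Administrator must not.
    internal static bool IsProtected(string path)
    {
        if (!path.StartsWith(ProtectedPrefix, StringComparison.OrdinalIgnoreCase)) return false;
        return path.Length == ProtectedPrefix.Length || path[ProtectedPrefix.Length] == '/';
    }

    public void Dispose() { }
}
```

A redirect only protects subsequent requests; the first HTTP request, including any cookies not marked `Secure`, still crosses the network in clear text.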
