For this example, the Azure web app has:
- a custom domain name Read here how to apply a custom domain to an Azure Web App.
- is running in a Basic 1 Tier (first pricing level that supports SSL certificates)
- has an SSL certificated applied and working correctly. Read here how to add an SSL certificate to Azure Web App.
Enforcing HTTPS will redirect the HTTP, so web app users will always end up at the HTTPS site. This will be done be defining a rewrite rule in the web.config file for the web app.
1. Navigate to the Kudu debug console for the Azure web app: https://<appname>.scm.azurewebsites.net/DebugConsole
2. Go to D:\home\site\wwwroot
3. Open web.config for edit (pencil icon)
4. Copy the following code into the web.config file > Save
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <!-- BEGIN rule TAG FOR HTTPS REDIRECT --> <rule name="Force HTTPS" enabled="true"> <match url="(.*)" ignoreCase="false" /> <conditions> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" /> </rule> <!-- END rule TAG FOR HTTPS REDIRECT --> </rules> </rewrite> </system.webServer> </configuration>
NOTE: If there are other rule tags in the web.config file, be sure to place the copied HTTPS Redirect as the first rule.
NOTE: This rule returns a Permanent redirect to the HTTPS protocol whenever the user requests a page using HTTP. i.e. It redirects http:// alvarnet.com to https://alvarnet.com
5. Verify that the HTTP page is redirected to HTTPS.