Once you have uploaded your SSL certificates to your Azure App Service and then configured the bindings (if you are using your own custom domains), there are two ways to force ALL requests to be redirected from HTTP to HTTPS. The ‘Developer way‘ and the ‘Easy, no code way‘!
If you have published your own code, then one way is to manually alter the web.config file with an IIS URL Rewrite and publish the changes.
If using ASP.NET MVC 3 or later then you can just decorate you controller class or methods with [RequireHttps] attribute too, but these days you really should be using HTTPS for everything.
To that end, the MVC 3 + way is to the whole site redirects to HTTPS (without needing attributes) is to add
to the FilterConfig.RegisterGlobalFilters() method.
See https://blogs.msdn.microsoft.com/benjaminperkins/2014/01/07/https-only-on-windows-azure-web-sites/ for details on what you need to do to add the rewrite rule.
Easy, No code way
However, if you have just used one of the many templates to create an App Service, such as a WordPress site, then you probably don’t want to go messing with the web.config files yourself if you can avoid it.
So, the easiest, non techie way is to add the ‘Redirect HTTP to HTTPS’ Extension kindly created by Greg Hogan (https://github.com/gregjhogan)
- In the Azure Portal, select ‘Extensions’ in the App Service blade
- Add a new Extension by clicking on the ‘+Add’ button at the top
- Select the ‘Redirect HTTP to HTTPS’ extension from the list given.
- Agree to the T&C’s
- Wait till it’s installed and then restart the service (which you can find in the ‘Overview’)
CAUTION: Don’t do this until you have tested that your site work using HTTPS first!
For more information see https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate ). Alternatively watch out for my blog coming soon on using ‘Let’s Encrypt‘ for App Services.