How to set dynamicIpSecurity on Azure App Service - azure

<security>
  <dynamicIpSecurity enableLoggingOnlyMode="false" enableProxyMode="true">
    <denyByConcurrentRequests enabled="true" maxConcurrentRequests="10" />
    <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="500" />
  </dynamicIpSecurity>
  <ipSecurity enableProxyMode="true" allowUnlisted="false">
    <add allowed="true" ipAddress="1.2.3.4" subnetMask="255.255.255.255" />
  </ipSecurity>
  <requestFiltering>
    <requestLimits maxAllowedContentLength="524288000" />
  </requestFiltering>
</security>
The WebApp consists of ASP.NET 4.8. With this definition, if requests were submitted at the same time, more than 10 requests per 403 were expected to be rejected.
I would appreciate your support.

I have created an App Service with DynamicIpAddress by following the steps below:
Go to Advanced Tools -> click on Go
Go to Site Extensions
Go to Gallery, search for Dynamic and click on search -> click on + and click on OK
Set the values as below and click update settings
Restart the App Service after updating the settings
Set the user and time according to the settings you updated in the App Service
Copy the App link and open JMeter using the link below
I passed 35 users and only 30 users entered the page; we can adjust the number according to our needs.
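
Added example (not part of the original posts, and not IIS's implementation): a simplified Python model of the two rules in the posted `<dynamicIpSecurity>` element, replayed over constructed request timelines to estimate whether a load test would cross the thresholds. The per-client-IP counters, the sliding window and the handling of denied requests are modelling assumptions; the IP addresses are constructed sample values.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict, deque
# The <dynamicIpSecurity> element exactly as posted in the question.
CONFIG = """<dynamicIpSecurity enableLoggingOnlyMode="false" enableProxyMode="true">
<denyByConcurrentRequests enabled="true" maxConcurrentRequests="10" />
<denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="500" />
</dynamicIpSecurity>"""

def load_limits(xml_text):
    """Return (max_concurrent, max_requests, interval_ms); None where a rule is disabled."""
    root = ET.fromstring(xml_text)
    conc, rate = root.find("denyByConcurrentRequests"), root.find("denyByRequestRate")
    enabled = lambda e: e is not None and e.get("enabled", "false").lower() == "true"
    max_conc = int(conc.get("maxConcurrentRequests")) if enabled(conc) else None
    max_req = int(rate.get("maxRequests")) if enabled(rate) else None
    interval = int(rate.get("requestIntervalInMilliseconds")) if enabled(rate) else None
    return max_conc, max_req, interval

def replay(requests, limits):
    """Replay (client_ip, start_ms, duration_ms) tuples sorted by start_ms.
    Model assumptions: counters are per client IP, the rate rule uses a sliding
    window, and a denied request is not counted as in flight."""
    max_conc, max_req, interval = limits
    in_flight = defaultdict(list)   # ip -> end times of accepted requests
    window = defaultdict(deque)     # ip -> start times seen inside the interval
    verdicts = []
    for ip, start, duration in requests:
        in_flight[ip] = [end for end in in_flight[ip] if end > start]
        seen = window[ip]
        while interval is not None and seen and seen[0] <= start - interval:
            seen.popleft()
        seen.append(start)
        if max_conc is not None and len(in_flight[ip]) >= max_conc:
            verdicts.append("deny-concurrent")
        elif max_req is not None and len(seen) > max_req:
            verdicts.append("deny-rate")
        else:
            verdicts.append("ok")
            in_flight[ip].append(start + duration)
    return Counter(verdicts)

if __name__ == "__main__":
    limits = load_limits(CONFIG)
    # Constructed timelines: quick burst, slow simultaneous requests, many client IPs.
    burst = [("203.0.113.7", t, 5) for t in range(35)]
    slow = [("203.0.113.7", 0, 1000) for _ in range(15)]
    spread = [(f"198.51.100.{i}", i, 5) for i in range(35)]
    for name, timeline in (("burst", burst), ("slow", slow), ("spread", spread)):
        print(name, dict(replay(timeline, limits)))
```

In this model a single client has to send more than 30 requests inside one 500 ms window, or hold more than 10 requests open at once, before anything is denied; the same traffic spread over many client addresses never reaches either limit.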

Related

dynamicIpSecurity is not Working on Azure App Service

In Azure WebApp, we defined DynamicIpRestriction as follows:
<security>
  <dynamicIpSecurity enableLoggingOnlyMode="false" enableProxyMode="true">
    <denyByConcurrentRequests enabled="true" maxConcurrentRequests="10" />
    <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="500" />
  </dynamicIpSecurity>
  <ipSecurity enableProxyMode="true" allowUnlisted="false">
    <add allowed="true" ipAddress="1.2.3.4" subnetMask="255.255.255.255" />
  </ipSecurity>
  <requestFiltering>
    <requestLimits maxAllowedContentLength="524288000" />
  </requestFiltering>
</security>
The WebApp consists of ASP.NET 4.8.
With this definition, if 10 requests were made at the same time, more than 11 requests were expected to be rejected at 403.
However, I started 100 concurrent threads in Apache JMeter and made 10 repeated requests, but never 403.
Is there a mistake in the definition?
I would appreciate your support.
I have set the Dynamic Ip Security in App Service using the steps below.
Go to App Service, go to Advanced Tools under Development Tools and click on Go as below
Now it will take you to the below page as shown; click on Site Extensions
Go to Gallery, search for Dynamic, click on the search button and add it.
After adding, we will be redirected to the below page where you can add your Dynamic Ip Security settings as below
After updating the settings, go back to Overview and click on Restart as below, so the setting will update for the App Service
Open Apache JMeter as below
Use the URL of the App Service and hit execute
Go to View Results in Table to see the output

How to: Password Protect Azure App service

I have a website that is hosted in an Azure App Service. Are there any options in Azure so that I can put a password on the website? Ideally without changing the website's code.
Just a basic password or user name and password, doesn't need to be Google or Facebook login or AD login.
It is a .NET based website and I have seen a few options to do this, but it means I have to change the code of the website in some way or another.
Surely with all that sophisticated cloud technology, I can go in to the portal and set a password at a server level? - Or is the only way to make some kind of change to the application?
It is possible to enable Basic Authentication for Azure Web Apps with some settings in the applicationHost.xdt. You can load some modules in this file on the start of your Web App.
Steps:
Navigate to your WebApp in the Azure Portal
In the left menu, search for the header Development Tools and select Advanced Tools (Kudu)
Use the Debug Console > CMD tool, to navigate to the WebApp directory: \home\site
Create a file named: applicationHost.xdt
Paste the following:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <location path="%XDT_SITENAME%" xdt:Locator="Match(path)">
    <system.webServer>
      <rewrite xdt:Transform="InsertIfMissing">
        <allowedServerVariables xdt:Transform="InsertIfMissing">
          <add name="RESPONSE_WWW_AUTHENTICATE" xdt:Locator="Match(name)" xdt:Transform="InsertIfMissing" />
        </allowedServerVariables>
        <rules xdt:Transform="InsertIfMissing">
          <rule name="BasicAuthentication" stopProcessing="true" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
            <match url=".*" />
            <conditions>
              <add input="{HTTP_AUTHORIZATION}" pattern="^Basic dXNlcjpwYXNzd29yZA==" ignoreCase="false" negate="true" />
            </conditions>
            <action type="CustomResponse" statusCode="401" statusReason="Unauthorized" statusDescription="Unauthorized" />
            <serverVariables>
              <set name="RESPONSE_WWW_AUTHENTICATE" value="Basic realm=Project" />
            </serverVariables>
          </rule>
        </rules>
      </rewrite>
    </system.webServer>
  </location>
</configuration>
Change the Basic Auth to your liking (default in example is: user:password)
Make sure the web.config rewrite rules don't contain <clear /> as this will remove the effects from the applicationHost.xdt file
Save the file and Stop and Start your WebApp (a simple Restart will not suffice)
Notes:
Not sure if this works on Linux based WebApps.
You can add this step to your deployment pipelines by using FTP
Update: I've noticed issues with applicationHost.xdt while using it on secondary Web App slots. Only the primary slot seems to work.
PS: Cross-post from my answer here.
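
Added example (not from the original answer): a Python helper for the "Change the Basic Auth to your liking" step that builds the `pattern` value from a chosen credential, escaping `+` and anchoring the end, and decodes an existing pattern to show what it stores. The function names and the sample credential are assumptions made for illustration, and Python's `re` stands in for the URL Rewrite regex engine.

```python
import base64
import re

def build_pattern(user, password):
    """Value for the rule's pattern= attribute. '+' is the only base64 character
    that is also a regex metacharacter, so it is escaped; '$' anchors the end."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "^Basic " + token.replace("+", r"\+") + "$"

def decode_pattern(pattern):
    """Recover (user, password) from a pattern= value: base64 is an encoding,
    so anyone who can read applicationHost.xdt can read the credential."""
    token = re.sub(r"^\^?Basic |\$$", "", pattern).replace("\\+", "+")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def passes_rule(pattern, authorization_header):
    """True when the header matches the pattern, i.e. the negate="true"
    condition does not fire and no 401 is returned."""
    return re.search(pattern, authorization_header) is not None

def header_for(user, password):
    """The Authorization header value a client sends for these credentials."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

if __name__ == "__main__":
    # The pattern from the answer decodes to the example default credential.
    print(decode_pattern("^Basic dXNlcjpwYXNzd29yZA=="))
    # Constructed credential whose base64 form contains '+'.
    user, password = "ops", "x~9Lq"
    header = header_for(user, password)
    naive = "^Basic " + header[len("Basic "):]   # token pasted without escaping
    print(header)
    print("naive pattern accepts the real header:", passes_rule(naive, header))
    print("escaped pattern accepts it:", passes_rule(build_pattern(user, password), header))
```

A token pasted unescaped into `pattern` with a `+` in it rejects the correct credential, because the regex reads `+` as a quantifier rather than a literal character.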
You can use Authentication and authorization in Azure App Service.
Authentication/Authorization was previously known as Easy Auth.
Azure App Service provides built-in authentication and authorization support, so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions. This article describes how App Service helps simplify authentication and authorization for your app.
Source: Authentication and authorization in Azure App Service and Azure Functions.
EDIT:
The above is a solution to have a password protected App Service without changing any code whatsoever. At this point there is no alternative, as you can see in the open feedback issue Allow HTTP Basic authentication on basic apps
Hi everyone, we understand the demand for this feature, but we do not plan to support authentication at this level. We suggest using EasyAuth for this scenario.
https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
EDIT 2:
This method forces the user to use google or facebook, etc...
This is not true. You can also create a user in your Azure Active Directory and use that one with Easy Auth. The username would be something like username#<YOUR-TENANT>.onmicrosoft.com

How to add/set new environment variable in Azure web app web.config file

I have one application deployed on Microsoft Azure Web App. In that I have created web.config file.
I have 2 custom domains linked to my web app
api-stage.example.com
api-prev.example.com
I want to set 1 environment variable named PLATFORM when my API is accessed.
Eg. When I access api using api-stage.example.com I want to set value of PLATFORM to stage and when I access api using api-prev.example.com, I want to set value of PLATFORM to prev.
I access this env variable in code like below
$platform = getenv('PLATFORM');
Content of my web.config file looks like below.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <httpProtocol allowKeepAlive="true">
    </httpProtocol>
    <staticContent>
      <mimeMap fileExtension=".json" mimeType="application/json" />
    </staticContent>
    <rewrite>
      <rules>
        <rule name="ABC" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php" />
        </rule>
      </rules>
    </rewrite>
    <handlers>
      <remove name="OPTIONSVerbHandler" />
      <remove name="PHP56_via_FastCGI" />
      <add name="PHP56_via_FastCGI" path="*.php" verb="GET, HEAD, POST, OPTION, DELETE, PUT, TRACE" modules="FastCgiModule" scriptProcessor="D:\Program Files (x86)\PHP\v5.6\php-cgi.exe" resourceType="Either" requireAccess="Script" />
    </handlers>
  </system.webServer>
</configuration>
Can anybody help me with how to do this? Which block do I need to add in the web.config file? I cannot do this using Azure Portal via Application Setting, because it allows me to set only one value for the PLATFORM variable. But I want to set and access it using the hostname which I am using to call an API.
If you don't want to set variables in the portal, you could refer to this doc: Configure app settings.
For ASP.NET and ASP.NET Core developers, setting app settings in App Service are like setting them in Web.config or appsettings.json
Note: values in App Service override the ones in Web.config or appsettings.json. For other languages, the doc also provides the link.
And the below is my test. Trying to use System.Configuration.ConfigurationManager.AppSettings["testkey"] to get the value.
Hope this could help you. And from your description, you deploy two environment webs into one app service, one is stage and one is prev. So why not try the staging slots if you are using Standard, Premium, or Isolated App Service plan tier.

Asp.net Core Web API - Current user & Windows Authentication

We have following technical stack in our application
AngularJS2
Asp.Net Core API
SQL Server
Now we need to store User Name for the Logged in User in table during Create/Edit for given item i.e. in Core API.
We have tried with
WindowsIdentity.GetCurrent().Name, it gives IIS APPPOOL\Asp.netCore
HttpContext.User.Identity gives null value
I get User Name with WindowsIdentity while working with Visual Studio, but with IIS, it gives value as Asp.Netcore i.e. pool name
Windows Authentication is enabled and Anonymous Authentication is disabled
Using IIS Version 6.1
Am I missing anything?
Do you have the forwardWindowsAuthToken set to true in the web.config?
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true"/>
I looked around and it was suggested to create an Asp.Net Core WebApi application using Windows Authentication.
So when I created an Asp.Net Core WebApi using Windows Authentication it worked and I got values in User.Identity objects.
So I created 2 applications, i.e. one with Windows Authentication and one without, and then compared all files and found changes in the following files
forwardWindowsAuthToken - true, this was tried before but the issue was not solved and the same was suggested by Daboul
launchSettings.json, Set windowsAuthentication: true & anonymousAuthentication: false
After doing this, I was able to get values in the User.Identity object.
The launchSettings.json file:
{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false
  }
}
The Web.Config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore forwardWindowsAuthToken="true" processPath="C:\Program Files\dotnet\dotnet.exe" arguments=".\YourWebsite.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" />
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
On Windows Server 2012 R2/IIS 8.0, even after setting forwardWindowsAuthToken=true in web.config, User.Identity.Name was not returning the user name but IIS APPPOOL so to resolve the issue I made below change;
Go to the web application in IIS
Open Configuration Editor
Change Section to system.webServer/serverRuntime
Change authenticatedUserOverride to UseAuthenticatedUser (for me it was set to UseWorkerProcessUser)
For further details refer to below link;
https://blogs.iis.net/jaroslad/what-does-the-authenticateduseroverrideuser-do

Azure Membership UI

Using AspProviders (TableStorageMembershipProvider etc) from Microsoft WCF Azure Samples.
It is WCF Service Web Role, and in Azure Storage Explorer I can see Membership, Roles and Session tables appearing nicely when I try to connect.
But is there any existing code to manage Membership and Roles?
Some ASPX pages I guess, something like this for plain old ASP.NET, but more modern and Azure-tested hopefully?
Thanks,
Andres
To my surprise, Peter Kellner's solution I mentioned works just fine. Here are the steps to follow:
Add AspProviders (from WCF Azure Samples) to your solution.
Create Azure ASP.NET Web Role (let's call it MembershipAdmin), reference AspProviders from it.
Add Membership.aspx and other aspx/cs files from Peter Kellner's solution, mark Membership.aspx as "Set As Start Page".
In MembershipAdmin's Web.config, find and replace sections "membership" and "roleManager", and add section "appSettings" (the latter goes directly under root configuration).
Examples of these sections are below, just change "YourTargetService" to what your real service name is. Actually it's going to mirror Web.config of your real service, regarding these sections (well, you need a few more tricks there, too - as a matter of completeness I'd like to mention I got help from here and here). Then just run, and appearing Membership.aspx is quite self explaining. Of course securing that page will be obviously your next worry, but at least now roles/users can be managed, and they appear nicely into Azure Table Storage.
<membership defaultProvider="TableStorageMembershipProvider" userIsOnlineTimeWindow="20">
  <providers>
    <clear />
    <add name="TableStorageMembershipProvider" type="Microsoft.Samples.ServiceHosting.AspProviders.TableStorageMembershipProvider" description="Membership provider using table storage" applicationName="YourTargetService" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="true" passwordFormat="Hashed" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="TableStorageRoleProvider" cacheRolesInCookie="true" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
  <providers>
    <clear />
    <add name="TableStorageRoleProvider" type="Microsoft.Samples.ServiceHosting.AspProviders.TableStorageRoleProvider" description="Role provider using table storage" applicationName="YourTargetService" />
  </providers>
</roleManager>
<appSettings>
  <add key="TableStorageEndpoint" value="http://127.0.0.1:10002/devstoreaccount1" />
  <add key="BlobStorageEndpoint" value="http://127.0.0.1:10000/devstoreaccount1" />
  <add key="AccountName" value="devstoreaccount1" />
  <add key="AccountSharedKey" value="Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==" />
  <add key="DefaultMembershipTableName" value="Membership" />
  <add key="DefaultRoleTableName" value="Roles" />
  <add key="DefaultSessionTableName" value="Sessions" />
  <add key="DefaultProviderApplicationName" value="YourTargetService" />
  <add key="DefaultProfileContainerName" />
  <add key="DefaultSessionContainerName" />
</appSettings>
