If you want your Azure Front Door and Front Door Standard/Premium instances to access certificates in your Key Vault, you need to grant the Microsoft Azure Front Door service principal access to that Key Vault.

Classic Front Door

In an Azure PowerShell session, run this (you won't be able to run it if you are only a Reader):

New-AzADServicePrincipal -ApplicationId "ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037"

Then go to your Key Vault -> Access Policy -> Add Access Policy -> grant "Get" on Secret Permissions and Certificate Permissions to the principal called Microsoft.Azure.Frontdoor.

Note! The user who adds the Key Vault certificate to the Front Door instance should also have "Get" and "List" permissions on that same Key Vault, for both Secret and Certificate permissions.

Front Door Standard/Premium (Preview)

In an Azure PowerShell session, run this (you won't be able to run it if you are only a Reader):

New-AzADServicePrincipal -ApplicationId "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8"

Then go to your Key Vault -> Access Policy -> Add Access Policy -> grant "Get" on Secret Permissions and Certificate Permissions to the principal called Microsoft.AzureFrontDoor-Cdn.

Note! The user who adds the Key Vault certificate to the Front Door instance should also have "Get" and "List" permissions on that same Key Vault, for both Secret and Certificate permissions.
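
The same steps can be scripted for either Front Door type and then verified. The script below is an added example, not part of the original article: it registers the principal if it is missing, grants only "Get", and reads the policy back to flag anything broader. It assumes the Az.Resources and Az.KeyVault modules, a vault that uses access policies (as in the steps above), and a vault name that you supply; the parameter names are illustrative.

```powershell
# Added example (not from the original article). Requires Az.Resources and Az.KeyVault
# and a vault that uses the access-policy permission model.
param(
    [Parameter(Mandatory)] [string] $VaultName,   # your vault's name (supplied by you)
    [ValidateSet('Classic', 'StandardPremium')] [string] $FrontDoorType = 'Classic'
)

# Application IDs exactly as listed in the article.
$appIds = @{
    Classic         = 'ad0e1c7e-6d38-4ba4-9efd-0bc77ba9f037'
    StandardPremium = '205478c0-bd83-4e1b-a9d6-db63a3e1e1c8'
}
$appId = $appIds[$FrontDoorType]

# Register the Front Door service principal only if the tenant lacks it.
$sp = Get-AzADServicePrincipal -ApplicationId $appId
if (-not $sp) { $sp = New-AzADServicePrincipal -ApplicationId $appId }

# Grant "Get" on secrets and certificates, nothing else.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $sp.Id `
    -PermissionsToSecrets get -PermissionsToCertificates get

# Read the policy back and flag anything beyond the intended grant.
$policy = (Get-AzKeyVault -VaultName $VaultName).AccessPolicies |
    Where-Object { $_.ObjectId -eq $sp.Id }
if (-not $policy) { throw "No access policy found for $($sp.DisplayName) on $VaultName" }

# Secret/certificate permissions other than Get.
$extra = @(
    $policy.PermissionsToSecrets
    $policy.PermissionsToCertificates
) | Where-Object { $_ -and $_ -ne 'get' }

# Any key or storage permission is more than Front Door was meant to get here.
$other = @(
    $policy.PermissionsToKeys
    $policy.PermissionsToStorage
) | Where-Object { $_ }

if ($extra -or $other) {
    Write-Warning "Policy is broader than Get: extra=[$($extra -join ',')] other=[$($other -join ',')]"
} else {
    Write-Output "OK: $($sp.DisplayName) has only Get on secrets and certificates."
}
```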


By default, not all HTTP methods (verbs) are allowed in Azure App Service. To allow or remove methods, we need to make configuration changes.

It really boils down to which stack your app is running on.

Web Apps (Windows)

In IIS, handlers are responsible for the different app stacks, and this is also where the allowed verbs are configured. We can see how the different handlers are configured in the applicationHost.config file. More details on it in my other article.

Go to Kudu and open the applicationHost.config file - D:\Local\Config\applicationhost.config. Find the <handlers accessPolicy="Read, Script"> row. From there you can examine how the different technologies are configured.

Let's take PHP for example


Azure App Service is PaaS. This means that we have very limited ability to change its configuration, and the applicationHost.config file is one example. It holds all the necessary settings for your Web App, but it is read-only.

Location of the applicationHost.config file

You can find your Web App's applicationHost.config file in the following location:

D:\Local\Config\applicationhost.config

OR

https://webappname.scm.azurewebsites.net/api/vfs/localsiteroot/config/applicationHost.config

The URL loads the same applicationHost.config from D:\Local\Config.

It is read-only and you cannot edit it directly, but you can use it to check certain settings and how they are configured.

Making changes to the applicationHost.config file

The file may be read-only, but there are ways of making changes. It can be done with an Xdt transformation.

Here are some examples:

https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples

https://github.com/uglide/azure-content/blob/master/articles/app-service-web/web-sites-transform-extend.md

https://github.com/projectkudu/kudu/wiki/Azure-Site-Extensions#understanding-what-could-go-wrong-with-xdt-transforms

You can do a lot of the changes suggested for the Xdt examples through web.config so the use of Xdt transform must be a very specific

 


In this article I will show you how to host a static website almost for free on Azure Storage and Microsoft CDN. You can host any static web pages and take advantage of JavaScript and CSS, but not of any back-end language. A good example of more advanced static content that you can host on Azure Storage is Jekyll.


Requirements

What you need in order to complete the guide:

  • An active Azure subscription - Free/Pay as you go/Visual Studio/Partnership/EA/CSS
  • Custom domain hosted on Azure DNS (optional)