HowTo: Configure SSL (HTTPS) for specific page(s) while hosting the application in Windows Azure

When hosting web applications in Windows Azure, developers can configure endpoints to enable HTTPS for the application. However, this secures the entire application. What if you would like to configure SSL only for a specific page, or a few pages, that need to be secured, and have the rest of the pages served via HTTP (a non-secured channel)?

I'm summarizing below the steps that can be used to configure SSL only for a specific page. The same approach can be followed to enable SSL for multiple pages.

  1. Create a Windows Azure project with an ASP.NET Web role.

  2. Add the certificate that you would like to use for enabling SSL.

  3. Add two endpoints, one for HTTP and another for HTTPS. For the HTTPS endpoint, configure the certificate that was added in step 2.

    Note: It is important to enable both the HTTP and HTTPS endpoints, since our objective is to configure SSL only for a specific page. The rest of the content should remain available via HTTP.

  4. Add a new aspx page to the site and name it sslpage.aspx. We will configure SSL for this page.

  5. In this example, we will use the ServerManager class of the Microsoft.Web.Administration assembly to modify the IIS configuration and enable SSL. This task requires admin privileges. By default, Windows Azure roles run with locked-down privileges. To ensure that role code can perform administrative tasks, we need to run the role in an elevated context. This is achieved by setting executionContext to "elevated" under the <WebRole> element in the ServiceDefinition.csdef file:

    <WebRole name="sslRole" vmsize="Small">
      <Runtime executionContext="elevated" />
      <!-- Sites, Endpoints and Certificates elements remain unchanged -->
    </WebRole>

  6. Add a reference to Microsoft.Web.Administration.dll (the default location of this DLL is %System32%\inetsrv).

  7. Set "Copy Local" to true for Microsoft.Web.Administration.dll.

  8. Add the code below to the OnStart method of the role:

    // Requires: using Microsoft.Web.Administration;
    //           using Microsoft.WindowsAzure.ServiceRuntime;
    public override bool OnStart()
    {
        // Create a new ServerManager object to modify the IIS 7 configuration.
        // ServerManager is IDisposable, so it is wrapped in a using block.
        using (ServerManager serverManager = new ServerManager())
        {
            // Retrieve the current applicationHost configuration of IIS
            Configuration config = serverManager.GetApplicationHostConfiguration();

            // Since we want to enable SSL for a specific page only, get the configuration
            // section for that specific location.
            // The IIS website name is RoleEnvironment.CurrentRoleInstance.Id followed by "_"
            // and the site name specified in ServiceDefinition.csdef.
            // The default site name is "Web". If you specified a different site name,
            // replace "Web" with that name in the line below.
            ConfigurationSection section = config.GetSection(
                "system.webServer/security/access",
                RoleEnvironment.CurrentRoleInstance.Id + "_Web" + "/sslpage.aspx");

            // Get the sslFlags attribute, which holds the SSL settings
            ConfigurationAttribute enabled = section.GetAttribute("sslFlags");

            // Set sslFlags to "Ssl". This enables the "Require SSL" flag
            enabled.Value = "Ssl";

            // Save the changes. If the role is not running under an elevated
            // executionContext, this line throws an exception
            serverManager.CommitChanges();
        }

        return base.OnStart();
    }

  9. Deploy the service to Windows Azure and test SSL functionality for sslpage.aspx
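
The post notes that the same approach works for multiple pages. The following is an added example, not code from the original post or its sample project: a hypothetical helper, `SslPages.RequireSsl`, that sets the flag for a list of pages, commits once, and reads the saved configuration back to report any page that still does not require SSL. It assumes the "Ssl" flag has the numeric value 8 in the IIS schema.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Web.Administration;
using Microsoft.WindowsAzure.ServiceRuntime;

// Added example: SslPages is a hypothetical helper, not part of the original sample.
public static class SslPages
{
    const string AccessSection = "system.webServer/security/access";
    const int SslBit = 8; // assumed numeric value of the "Ssl" flag in the IIS schema

    // Sets "Require SSL" on every page, commits once, then re-reads the configuration
    // and returns the locations that still do not require SSL (empty = all enforced).
    public static List<string> RequireSsl(string siteName, IEnumerable<string> pages)
    {
        // IIS site name inside the role instance: "<instance id>_<site name>"
        string site = RoleEnvironment.CurrentRoleInstance.Id + "_" + siteName;
        var locations = new List<string>();
        foreach (string page in pages)
            locations.Add(site + "/" + page.TrimStart('/'));

        using (var serverManager = new ServerManager())
        {
            Configuration config = serverManager.GetApplicationHostConfiguration();
            foreach (string location in locations)
                config.GetSection(AccessSection, location)["sslFlags"] = "Ssl";
            serverManager.CommitChanges(); // throws if the role is not elevated
        }

        var notEnforced = new List<string>();
        using (var verify = new ServerManager()) // fresh instance reads the saved file
        {
            Configuration saved = verify.GetApplicationHostConfiguration();
            foreach (string location in locations)
                if (!HasSsl(saved.GetSection(AccessSection, location)["sslFlags"]))
                    notEnforced.Add(location);
        }
        return notEnforced;
    }

    // The flags value is expected back as a number; a comma-separated
    // string of flag names is handled as well.
    static bool HasSsl(object raw)
    {
        int parsed;
        var text = raw as string;
        if (text != null && !int.TryParse(text, out parsed))
            return Array.Exists(text.Split(','), f => f.Trim() == "Ssl");
        return (Convert.ToInt32(raw) & SslBit) != 0;
    }
}
```

Called from OnStart as `SslPages.RequireSsl("Web", new[] { "sslpage.aspx", "login.aspx" })` (the second page name is a placeholder), a non-empty result means at least one page is still reachable over plain HTTP, so the role can return false from OnStart instead of serving it.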

Download sample project here