Custom Domain in WordPress on Azure Web App

Since I had to go through this process a few times lately, and it is not as straightforward as one could hope, I think the world needs this post 🙂

Create the DNS records

I have tried a number of options until I was able to get both the root domain and the www subdomain verified in Azure portal.
I am using CloudFlare, and my DNS records look like this:
dns cloudflare

Add custom domain to Azure Web App

At this point if you try to access your domain you will get the following error: “Error 404 – Web app not found … The web app owner has registered a custom domain to point to the Microsoft Azure App Service, but has not yet configured Azure to recognize it”
web app not found
 
To fix this error, you will need to add your custom domain as a hostname in Azure portal.
Browse to your Web App => All settings => Custom domains and SSL => HOSTNAMES ASSIGNED TO SITE, and add both the root and the www subdomain.
portal domains
You may need to allow for some time after you have configured your DNS records. The official time frame for propagating domains is up to 24 hours, but in my experience if the DNS is set correctly it won’t take longer than 20 minutes.

Now if you browse to your domain you will see your WordPress site, yay!
However, you aren’t done yet.
If you click on one of the links on the site you will notice that WordPress still redirects you to the initial domain on someone.azurewebsites.net. To fix that you need to update the domain set in WordPress itself.
 
DO NOT update it through WordPress Dashboard => Settings => General. This does not work (at least currently) and might lock you out of the application! 😯
Instead you will need to FTP into your site and change the functions.php of your currently active theme.

FTP into the site using FileZilla

Get FTP credentials:
In the portal, browse to your Web App and click on get publish profile.
get profile

Open the publish settings file you have downloaded, and look for FTP.
Copy the publishUrl, userName and userPWD into FileZilla and click Quickconnect. (The publishUrl is the Host).
 
filezilla
* I chose FileZilla for the demonstration since it is free and easy to use. You can certainly use other applications to FTP into the site.

Update siteurl in functions.php

Browse to your /site/wwwroot/wp-content/themes/THEME_NAME, where THEME_NAME is the name of your active theme.
Find the file functions.php and copy it over to your local machine (or simply right-click and choose View/Edit to edit the file on the fly).
Add the following two lines right after the opening

<?php

tag

update_option('siteurl','http://divineops.net');
update_option('home','http://divineops.net');

 
So, in my case the file now looks like this:
functions_php

 
Upload the file back into the site using FileZilla.
* Note that your active theme might not have a functions.php file. In this case you can add one yourself. Please read this post for further details https://codex.wordpress.org/Changing_The_Site_URL
 
Your site will be down for a couple of minutes, so wait for it to come back up and sign in. Now you can browse to WordPress Dashboard => Settings => General and see if the URL settings got updated:
wordpress url
Now that your site is back up and running, you should remove the lines you added from functions.php. The WordPress manual claims it is important to clean them up 😉

OK, we are good to go! Anyone who browses to your site will now be redirected to the siteurl you just set up as a root URL, regardless of how they got to the site in the first place. Happy browsing!

How to Configure User Access to Azure Resources

One of the great features of the “new” Azure Portal is granular user access. You can provide role-based access to entire subscriptions, resource groups or even specific resources. RBAC allows you to ensure that every employee in your organization has the appropriate level of access to the appropriate resources.

How do you set this up?
Here is a step-by-step walk through with pictures:

Add access to entire subscription

1. Sign in to the new portal https://ms.portal.azure.com/
2. Click Browse All => Subscriptions
3. Choose the subscription you need
4. Click Users

ua1

5. In Users pane click Add
6. Click Select a Role
7. Choose the appropriate role
8. Click OK in the Add access pane

ua2

9. In the Add Access pane click Add Users
10. Insert a valid Microsoft Account (former Live ID) email or choose from the list of users you have already added

ua3

Add access to a resource group

1. Sign in to the new portal https://ms.portal.azure.com/
2. Click Browse All => Resource Groups
3. Select the resource group you need
4. Click All Settings
5. In Settings pane click Users
6. Follow steps 6-10 from paragraph 1

ua4

Add access to a specific resource

1. Sign in to the new portal https://ms.portal.azure.com/
2. Browse to the specific resource you need
3. Click All Settings
4. In Settings pane scroll down and click Users
5. Follow steps 6-10 from paragraph 1

ua5

Partial Authentication with Azure Active Directory with WS Federation in an MVC Application

Given: an MVC web application that is authenticated with Azure Active Directory using WS Federation.

Problem: allow non-authenticated users to access the application, restrict some of the pages to authenticated users only.

Challenge: when you start a new project in Visual Studio 2013 and choose Azure Active Directory as your Identity provider you get a setup that is pre-configured to put the entire site behind authentication.

To re-configure your application to allow non-authenticated users, you will need to do the following:

Web.config
Change the authorization snippet to allow users.

<system.web>
    <authorization>
      <allow users="*" />
    </authorization>
	...
</system.web>

 
AccountController.cs
Add the SignIn Method

public ActionResult SignIn()
{
	if (Request.IsAuthenticated)
	{
		// Redirect to home page if the user is already signed in.
		return RedirectToAction("Index", "Home");
	}
	// Redirect to home page after signing in.	
	WsFederationConfiguration config = 
		FederatedAuthentication.FederationConfiguration
			.WsFederationConfiguration;

	string callbackUrl = 
		Url.Action("Index", "Home", 
			routeValues: null, protocol: Request.Url.Scheme);
		
	SignInRequestMessage signInRequest = 
		FederatedAuthentication.WSFederationAuthenticationModule
			.CreateSignInRequest(
				uniqueId: String.Empty,
				returnUrl: callbackUrl,
				rememberMeSet: false);

	signInRequest.SetParameter("wtrealm", IdentityConfig.Realm ?? config.Realm);
	return new RedirectResult(signInRequest.RequestUrl.ToString());
}

 
Now you can decorate the appropriate controllers and/or methods with the regular MVC [Authorize] attribute to require authentication.

 
If you have multiple Reply URLs configured for your application in Azure AD, you will need to add the following setting to your Web.config transforms for different environments:

<system.identityModel.services>
	<federationConfiguration>
		<wsFederation reply="EnvironmentSpecificReplyURL" 
				xdt:Transform="SetAttributes" />
	</federationConfiguration>
</system.identityModel.services>

 
Please view my subsequent blog post on how to handle 401 – Unauthorized errors properly.

 
Bonus Tip: consider switching your application from WS Federation to the newer and shinier OpenId Connect. See samples here.

SQL Azure Database SSL 3.0 Connectivity Issue in PCI Compliant Application

My team’s past 48 hours were spent in our little personal branch of hell, the one you get sent to when your application crashes for an unknown reason without any warning, and every new piece of information you discover while trying to identify the root cause is conflicting with the previous symptoms. If you manage to get past the feeling that your application was personally cursed by a vicious voodoo shaman and stay focused on the solution, I promise you will find a non-magical explanation for your problem, in this case – environmental change.

Read More (Company Blog Site)

The Windows Azure Release: A 10th Magnitude Developer’s View

I have been a .Net developer for a few years, and before coming to 10th Magnitude I never thought I would like Web development, because in my perception, it was all about menial management of HTML content and styles, a job more suitable for a designer than a developer. Instead, I found a whole new and challenging world of building web-based applications, creating amazing user experiences and managing threads and data. All that is very nice, you say, but what makes me think that the future lies with cloud development?

Read More (Company Blog Site)