.Net App Service redirects to www domain from root domain using web.config

Brett Andrew 24th May 2021

So I have recently being using Azure Front Door. One of the great things about it is that you don't need to provide SSL certificates for your domains, but there is still a gap for root domains - as, at the time of writing this, cannot add a root domain to azure front door because root domains can only have A type DNS record and azure front door requires a CNAME record.

The root domain thus presents a problem if somone types into a browser

mition.org

The root domain, should redirect to the azure front door, but there is no way to do it.

Solution (see full description below as its not a perfect solution still)
So one method is to create an App Service that does the redirection for you, this app service is basically just a web.config that contains the following:


<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
		<rules>
			 <rule name="CanonicalHostNameRule1">
			      <match url="(.*)" />
			      <conditions>
			        <add input="{HTTP_HOST}" pattern="www.*" negate="true"  ignoreCase="true"  />
			      </conditions>
			      <action type="Redirect" url="https://www.{HTTP_HOST}" />
			</rule>
 			
		</rules>
   </rewrite>
  </system.webServer>
</configuration>


Test it here:

http://mition.org

The above web.config is generic and works for any domain that is not prefixed with www it will add www. and ensure https and then redirect it.

This working perfectly apart from this following scenario: the user types in https://mition.org (they explicitly add the https part). In this scenario they get an SSL certificate is not valid and users need to do accept certificate warnings to continue.

So my thoughts on the matter is that buying SSL certificates for root domains is just not necessary and is a waste of money, it also creates risk that the certificate will expire and nobody (apart from your clients) will see it for weeks. I believe this app service redirect for root domains is suffice, there should be no reason why a user would enter in the https:// part manually, if they do they they should know enough about websites to get by.

They above caters for novice users who type in the simplest form of the domain into the browser (mition.org) and it takes them to the full https://mition.org website

What are your thoughts? Contact me if you have a different view.

Contact us