Multiple Secured Sites in One Web Role on Windows Azure

I have seen it as frequently recurring problem for developers who are writing Azure based Cloud ready applications and want to optimize their workload by hosting mulitple sites in one web role securely. This post discusses about configuring multiple secured Web Sites in one web role using Host Headers and SSL Certificate. By using the Sites element within the service definition file, ServiceDefinition.csdef, one can configure web role to support multiple web sites and web applications and SAN enabled SSL Certificate can be used to make sites secure.

On Premise, it is easy to manage multiple sites on IIS using configuration settings where system admin can easily define host headers and redirect them to specific Virtual directory on IIS. For secured sites, multiple SSL certificates can be installed and make it working.
However, as Azure Web Roles work with Package files and admin doesn’t have direct access on IIS to make host header changes, so it is tough to maintain multiple sites in one Web Role. In that case, user goes for multiple web roles which are expensive and hard to maintain. Dynamic scaling makes it tougher. Admins need to keep track for individual site and Web Role and their scaling.

Windows Azure provides host header configuration facility during development, which can be used to solve multiple sites issue in Web Role.
For example, two sample sites are getting used named as www.MasterWebRole.com and www.website2.com, which run on secure channel. Following are the steps to configure it:

1. Add two Website projects in one web role.

2. Add following settings to configure multiple sites in one web role:
<Sites>
<Site name="sample1" physicalDirectory="..\MasterWebRole">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" hostHeader="www.MasterWebRole.com" />
</Bindings>
</Site>
<Site name="sample2" physicalDirectory="..\WebSite2">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" hostHeader="www.website2.com" />
</Bindings>
</Site>
</Sites>

Take care of physicaldirectory and hostheader in each site.

HostHeader contains the site name and physicaldirectory contains the physical path of the website. One can test host header settings by changing host file on local machine and running the solution.

3. To Enabled SSL, following settings need to be configured:
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="https" port="443" certificate="Certificate1" />
</Endpoints>
<Certificates>
<Certificate name="Certificate1" storeLocation="LocalMachine" storeName="My" />
</Certificates>

Create new secure EndPoint and attach it to a SSL Certificate which can authorize both sites. To enable multiple site verification, following settings need to be enabled in SSL:

Upload the package to Windows Azure with given SSL Certificate with proper CNAME mapping for Host Header site. Once, CNAME mapping is enabled, both sites will hit same web role in different website configured in IIS.

Hosting multiple sites on multiple web roles is not really cost effective and maintenance is also an issue. If application can be designed this way where multiple sites can stay in one web role will reduce the cost and maintenance significantly. Host Header and SAN enabled Certificate enable multiple web sites in one web role.

Topic: Microsoft Azure Web Roles

Level: 400

Audience: Azure .NET Application Developers