20 Jun 2020

Deploying Azure Web Services Manually

Looking into how we’d deploy, scale and secure a web service on Azure. Starting right at the very basics - a hand jammed basic web service deployed from inside VS Code.

To begin with i’ve created a very simple application that returns one of the top 1000 worst passwords. The source code and dependencies are here. But to give you an idea how simple it is, here’s the main code:

import random

from flask import Flask

app = Flask(__name__)

@app.route('/', methods=['GET'])
def index():
    return "We're up!\n"

# Returns a random bad password from the Daniel Miessler maintianed SecLists repository:
# https://github.com/danielmiessler/SecLists/blob/master/Passwords/darkweb2017-top1000.txt
@app.route('/password', methods=['GET'])
def password():
    lines = open('pwds.txt').read().splitlines() 
    return random.choice(lines) + "\n"

if __name__ == '__main__':

Going to start with something manual. In the Azure portal, I’ll just create a new “App Service” with all the defaults, selecting “Python 3.8” as the type.


And, we’re up. The service is serving up a default page until we deploy our code.


For this project, we changed the name of the main application file to “application.py” (not necessary, just easier). My flask app object is already “app” - app = Flask(__name__) which is the second requirement for making this simple.

It’s also a good time to make sure you have the “Azure App Service” extension installed in Visual Studio Code. With that you’ll be able to browse into the Azure App we’ve already created.


From here, we can just right click on the applicaiton we created in Azure and choose “Deploy to Web App”.


And just like that, we have a web service! We’ll serve up a basic status indicator on the default route ans the /password route is ready to serve up bad password choices all day.(And, the azure services takes care of TLS for us while we’re deployed with this hostname).


So, that’s the hand-jam way of getting this done. Next we’ll jot down some notes to automate the deployment.

Chad Duffey

Security Engineer