P3P and IIS in Azure

I had a customer who was running a portal web site on an intranet web server that hosted a number of iframes, each one running a different web app.

We wanted to migrate some of these apps to Azure but maintain the cookies that were being passed by the apps. In IE, iframe content is treated as third party when not on the same domain and will block all cookies by default. To get around this, you have to set a web site policy file and pass the reference to it in the headers so that the browser knows what to do.

The following is an example of a policy file that allows cookies. This needs to be included as content in your Azure deployed web app.


    <POLICY-REF about="/w3c/example-com.p3p#policy1">

You then need to tell IIS on the Azure VM to send the custom header. You can do this in a startup task.

Create a file call "setupiis.cmd"and add the following line, replacing the <mysite.com> with your domain name.

appcmd set config /section:httpProtocol /+customHeaders.[name=’P3P’,value=’policyRef=""" http://<mysite.com>/P3P.xml """’]

Please note that you must include double-quotation marks (") around a value. You must escape the quotation character by enclosing it in double-quotation marks.

Then, add a startup task to your ServiceConfiguration.cscfg

   <Task commandLine="setupiis.cmd" executionContext="elevated" taskType="simple" />