Couple of months ago I had exactly the same problem i.e. application was built on Azure Websites, had to run on custom domain other than *.azurewebsites.net
and had to allow secure login process.
Workaround for that we used was to embed an iframe (using secure protocol and .azurewebsites.net
domain name e.g. https://oursite.azurewebsites.net/login
) into non-secure page on custom domain (e.g. http://mysite.com/login
). And entire login process was performed in the iframe.
There is one thing which you should be aware of, namely, lots of customers checks whether the page where they provide their credentials was using secure connection or not. In our case, secure iframe in non-secure page was causing lots of customer complains. Workaround for that problem was to put a message confirming that the login process uses secure connection. The message made some improvements, however, still certain number of customers complains remained.
I hope that will help.