I have a simple azure web app that I'd like to be accessible only to another azure web app. Is there a way to achieve this very simple thing without having to pay arm and leg for Azure Service Environment
If you want to deploy your Azure App service on a virtual machine , there is no way to do that. But if you deploy your web application on an Azure VM your requirement can be implemented easily : just using this feature , your web app service can access your web application hosted on virtual machine in Azure VENT and your web application is 100% secure as there is no route to access it for public accesses.
If Azure web app service is necessary for your web application,you can adding your first web app service outbound IP into IP whitelist of the web app service that you want to limit accesses by others . For how to find outbound IP of web app service, pls refer to this doc
However, you know for common Azure app services ,outbound IPs are shared with other common Azure web apps , so this way is available but not so perfect.
Using managed Identity to protect your web app service will be a better and easy way I think: Requests that have passed Azure AD auth will be able to access your web app service.
What's more , in previous link , all ways to protect your web app service have been listed under "Secure app" section , which will be helpful for you too.
Related
Hi I was able to host an API application an Azure but unable to access the network of my database which is located in a different server under my network
I was wondering what things should I set up to make this happen
Generally, you could enable the networking of app service to allow web app in the app service to access in a private network then connect the azure VNet and on-premise network via a site to site VPN gateway. You could get more details from this article.
However, in this case if you just want to access the database in another network, it's recommended to use Azure Hybrid Connections, it's a simple way without VPN gateway.
Azure Hybrid Connections enables you to connect your Azure App Services (including Azure Functions) to existing on-prem services/APIs. See How to Add and Create Hybrid Connections in your app and more reference.
Our company's Client portal if developed with C#. Clients do authenticate on this portal.
Now I developed a new service with a small portal using Laravel 5.7 (let's call this the service portal).
The two portals are on different domains.
I want to integrate the new service portal in the main portal without doing authentication twice.
What I want to accomplish is that when a client authenticates on the original Client portal (C# portal) and clicks a link, he gets redirected to the service portal (laravel app) without being authenticated.
So I don't know if is it possible to accomplish this ? If so, please point me on how to do it.
Thank you
We offer services to help local business to gather more reviews on platforms like Google or Facebook. Each customer has a kind of own site, hosted by us. But technically it runs on one Azure Web App. Each customer has for example a url like following: https://portal.your-voting.com/freds-bike-shop. We want go give our customers the opportunity to configure their own domain in the backend. For example : https://review.freds-bike.shop. Also the SSL certificate from Let's Encript for Azure should work with the custom domain.
How do i programmatically add custom domains for my azure web app?
How do i automatically get and install the Let's Encript certificates for the customer domains?
At the moment we use the Let's Encript Site Extension and C# als programming Language.
How do i programmatically add custom domains for my azure web app?
You could leverage Azure Management Libraries for .NET and follow Getting Started with App - Manage Web App With Domain Ssl - in .Net for binding a custom domain name to the Web App as follows:
app1.Update()
.DefineHostnameBinding()
.WithThirdPartyDomain("{yourdomain.com}")
.WithSubDomain("{your-subdomain}")
.WithDnsRecordType(CustomHostNameDnsRecordType.CName)
.Attach()
.Apply();
How do i automatically get and install the Let's Encrypt certificates for the customer domains?
Here is a similar approach for using powershell automation for azure web app with Let's Encrypt certificate, details you could here about the CreateLetsEncryptWebApp.ps1 with the following steps:
a) create an Azure Web App
b) generate a certificate from Let's Encrypt
c) bind the certificate to the Web App with a custom domain name
For using Let's Encript Site Extension, you need to register an Azure AD app and configure the relevant Web App settings, details you could follow here.
_ Azure newbie alert _ I have a WCF web service (deployed on prem) that uses windows authentication. I just built an App Service on Azure that among other things it needs to retrieve data from this web service. I don't have control over the authentication mode it uses nor can I change it, so is there any way at all to configure my App Service to use Azure AD and authenticate using a windows account (same account used on Azure portal)?
On a side note, I communicate with the WCF service on prem through a hybrid connection on the App Service. Not sure if that makes any difference
I have various bits of functionality implemented in WCF web services which are currently consumed by an Excel client via a local COM-visible library. I wish to implement some of the front-end functionality in a web client. I set up my client proxy using
dataChannel.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
ASP.NET impersonation is turned on as is windows authentication (no anonymous). When web services and web site are hosted on the same server there are no issues and the desktop user's credentials are passed from browser to web site to WCF perfectly. However, when web site and web services are hosted on different boxes (same domain, intranet only) I get 401 authentication errors. What am I doing wrong?
It sounds like you are suffering from the kerberos "double hop" problem. By default windows does not pass the kerberos authentication token onto another server so if you have user accesses webserver A and authenticates, webserver A accesses service on webserver B. WEbserver A does not pass the auithentication through to webserver B so you get a 401. I think this article should help you enable kerberos delegation between the web site server and the web service server