You can secure an Azure web app via a software-based solution or a hardware-based solution.
You can secure an Azure web app with cookie-based authentication using OpenID Connect. Information can be found at docs.microsoft.com.
You first need to add an app registration in Azure Active Directory. This will give a clientid/applicationid. In case you deploy the web app to Azure, the Redirect Uri must be set to: https://[webappname].azurewebsites.net.
In the web application, you need to add a startup class that runs when the hosting process initializes.
The following OWIN Middleware NuGet packages need to be installed:
Configuration values are added to the config file:
<add key=”ClientId” value=”[from app registration]” />
<add key=”Tenant” value=”[tenant].onmicrosoft.com” />
Finally you can force a user to sign in by requesting an authentication challenge via the [Authorize] attribute in the controller or a controller action.
This way access to the controller is restricted to authenticated users only.
In the Azure Portal open the webapp’s Networking settings and set the access restrictions to allow access only from the private network.