You can secure an Azure web app via a software-based solution or a hardware-based solution.
Software-based:
You can secure an Azure web app with cookie-based authentication using OpenID Connect. Information can be found at docs.microsoft.com.
You first need to add an app registration in Azure Active Directory. This will give a clientid/applicationid. In case you deploy the web app to Azure, the Redirect Uri must be set to: https://[webappname].azurewebsites.net.
In the web application, you need to add a startup class that runs when the hosting process initializes.
The following OWIN Middleware NuGet packages need to be installed:
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.Cookies
Microsoft.Owin.Host.SystemWeb
Configuration values are added to the config file:
<add key=”ClientId” value=”[from app registration]” />
<add key=”Tenant” value=”[tenant].onmicrosoft.com” />
Finally you can force a user to sign in by requesting an authentication challenge via the [Authorize] attribute in the controller or a controller action.
This way access to the controller is restricted to authenticated users only.
Hardware-based:
In the Azure Portal open the webapp’s Networking settings and set the access restrictions to allow access only from the private network.