Secure Azure Web App

You can secure an Azure web app via a software-based solution or a hardware-based solution.

Software-based:

You can secure an Azure web app with cookie-based authentication using OpenID Connect. Information can be found at docs.microsoft.com.

You first need to add an app registration in Azure Active Directory. This gives you a client ID (application ID). If you deploy the web app to Azure, the Redirect Uri must be set to: https://[webappname].azurewebsites.net.

In the web application, you need to add a startup class that runs when the hosting process initializes.

The following OWIN Middleware NuGet packages need to be installed:
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.Cookies
Microsoft.Owin.Host.SystemWeb

Configuration values are added to the config file:
<add key="ClientId" value="[from app registration]" />
<add key="Tenant" value="[tenant].onmicrosoft.com" />

Finally, you can force a user to sign in by requesting an authentication challenge via the [Authorize] attribute on the controller or on a controller action.
This way, access to the controller is restricted to authenticated users only.
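
The steps above put together, as an added example that is not code from the original page: an OWIN startup class that reads the two config keys, plus a controller protected with [Authorize]. The namespace, controller name, error route, the login.microsoftonline.com v2.0 authority format and the use of the 4.x OWIN packages are assumptions.

```csharp
using System.Configuration;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
[assembly: OwinStartup(typeof(SecureWebApp.Startup))]
namespace SecureWebApp // hypothetical namespace
{
    public class Startup
    {
        // Values from the config file; the authority format (v2.0 endpoint) is an assumption.
        static readonly string clientId = ConfigurationManager.AppSettings["ClientId"];
        static readonly string tenant = ConfigurationManager.AppSettings["Tenant"];
        static readonly string authority = "https://login.microsoftonline.com/" + tenant + "/v2.0";
        const string redirectUri = "https://[webappname].azurewebsites.net"; // placeholder; must match the app registration
        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUri,
                ResponseType = OpenIdConnectResponseType.IdToken,
                // Single tenant: accept tokens only from the configured tenant's issuer.
                TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Home/Error"); // hypothetical generic page; exception text is not echoed
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
    [Authorize] // unauthenticated requests trigger the OpenID Connect challenge
    public class ReportsController : Controller // hypothetical controller
    {
        public ActionResult Index() { return View(); }
    }
}
```

The cookie middleware is registered before the OpenID Connect middleware so that the sign-in result is persisted as the session cookie.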

Hardware-based:

In the Azure Portal, open the web app's Networking settings and set the access restrictions to allow access only from the private network.