Sometimes you may want your Azure website to not be publicly available or to restrict the access to it quickly and easily, without having to perform any complex configuration or code changes. This actually can be achieved with a few clicks through Azure Websites Authentication/Authorization; a feature that allows users to quickly restrict access, using Azure Active Directory, with just a few clicks.

In this post, following the steps below, we are going to create and deploy a web application to Microsoft Azure and then restrict the access to selected users through Azure Active Directory.

Step 1. Create a ASP.NET Core web app

In order to create a new Web App:

  1. Select New Project… from File > New > Project…
  2. In the popup window select ASP.NET Core web app or ASP.NET Web App
  3. Check Host in the cloud option to automatically configure Microsoft Azure App Service and press Create

After a few seconds the project will be created and a “ready to deploy to” App Service is created in Microsoft Azure.

step1-create-web-app

Step 2. Publish your web application on Azure

To publish you web application on Microsoft Azure:

  1. right-click on the Project name,
  2. select Publish… and
  3. click on Publish in the popup window. In a few seconds your application will be hosted in the cloud.

step-2-publish-webapplication

When Publish is completed you will be able to access your web app through http://notpublicwebapp.azurewebsites.net

step-2-web-app-on-the-cloud

Step 3. Restrict access through Authentication / Authorization

App Service Authentication / Authorization can be found in the Settings group of the new Azure Management Portal. After you flip the switch to On a new set of options will appear, where you can select:

  • the Αction to take when request is not authenticated (3), and
  • the Authentication Providers (4) to use

In our scenario we will select:

  • Log in with Azure Active Directory as action to be taken when the request is not authenticated, and
  • Azure Active Directory as authentication provider

On the Azure Active Directory Settings blade we will select Express Management Mode and we will create a new AD Application to configure who will be able to access our web app.

step-3-configure-authentication-authorization-active-directory

After you click on Save, try to access your web app through Incognito window (no session and cookies) and you will get redirected to sign-in form.

auth-sign-in-required

To access your app, you need to sign in with an account that has been declared in Azure Active Directory App “NotPublicWebApp“.

Step 4. Manage who can access your web app

To manage access permissions in your web app you need to click on Active Directory service that will redirect you to the old portal.

manage-active-directory

There you can add more Users to your Active Directory, while from the Application tab you can manage user access to your application.

Categorized in:

Articles

Tagged in:

,