Connect another server on Azure App Service - azure-web-app-service

I have a website on the Namecheap server and an application on Microsoft Azure, deployed on Azure App Service. I would like to send POST requests from my Namecheap server to Azure, which contains the application. My question: is this possible, and isn't there a security risk?
Thank you for your help.

Web programs are accessed through HTTP requests. The security risk you mentioned does not exist.
In a web app, the security of the web application's data is what we need to care about.
After passing authentication, CRUD operations on the data can be performed according to the authority granted, to ensure the security of the program.
It is recommended that you add an authentication function, such as a JWT token, to the program you deploy to the Azure web app.
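An added example (not part of the original answer) of the JWT suggestion above: the calling server signs a short-lived HS256 token with a shared secret, and the App Service side checks algorithm, signature, issuer, audience and expiry before accepting the POST. The shared-secret design, claim values and function names are assumptions for illustration; a deployed app would normally rely on a maintained JWT library.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(secret, issuer, audience, ttl=60, now=None):
    """Calling server: sign a short-lived HS256 JWT to send as a Bearer token."""
    now = int(time.time()) if now is None else now
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl})
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_token(token, secret, issuer, audience, now=None):
    """Receiving app: return the claims, or raise ValueError on any failure."""
    now = int(time.time()) if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        claims = json.loads(_b64url_decode(c64))
        sig = _b64url_decode(s64)
        signed = f"{h64}.{c64}".encode("ascii")
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and claims must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired token")
    return claims
```

The token travels in the `Authorization: Bearer` header over HTTPS, and the secret belongs in each side's protected configuration rather than in source code.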

Related

Mutual SSL Authentication in Azure App Service

I am using Azure App Service to access a webservice hosted elsewhere. The webservice requires mutual TLS Authentication.
I have been given the public certificate from the provider of the webservice, but where do I install this public certificate in Azure? In a traditional server environment, I would install it in the certificate store. But in Azure, do I install it on the Application Gateway, or the Vault? How does Azure App Service know where the certificate is installed and present it?
Private and public certificates can be uploaded to Azure Web App: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal
Code running in Azure Web App can access those certificates in different ways; it depends on what language and runtime your application is using: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
In regards to your other questions:
"do I install it on the application gateway"?
From what I understand, your application is going to make outgoing calls to a webservice hosted elsewhere. Azure Web App outgoing traffic does not go through Application Gateway, so no, in your case storing the certificate in Azure Web App and accessing it from the code is a good solution.
"or the Vault"? Azure Web App can also store certificates in Azure Key Vault. Your code could also connect to Azure Key Vault directly, bypassing the Azure Web App key store altogether.
Finally, "How does Azure app service know where the certificate is installed and present it?" Please see the first two links I provided.
In the future, Azure has excellent documentation on all of their products, and a simple search engine search typically helps to narrow down many primitive answers.
Welcome to StackOverflow!

Azure Application Proxy using external Keycloak Authentication

I have an internal web application (ASP.NET) that I want to expose to the internet, preferably through Azure Application Proxy. The requirements are to use an existing external Keycloak server for user authentication; the Keycloak server is hosted separately from our Azure. I have read that Azure Application Proxy requires Azure AD (not sure about this), but it is not clear if Azure AD can be connected to or use an external Keycloak server.
My question is: can Azure Application Proxy be made to work with an external Keycloak service to authenticate and authorize users, or is there some other way to expose the internal web application to the internet with Azure and an external Keycloak server?
Using Azure is not a fixed requirement, but it is preferred.
Using the external Keycloak server is required.
Thanks in advance for any help with this.

Issues in consuming WCF Service from an Azure PaaS Instance / Same thing works from a Console App

We are consuming a WCF service from a console application with NetworkCredential(UserName && PWD), WSHTTPBinding.
When we call the service from an Azure PaaS service, we run into the issue: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.
The client config for both the PaaS consumer and the console app looks exactly the same. Not sure why the error is seen only in the case of the PaaS consumer.
The reason is that the PaaS service is not in the same network as your WCF service, or the credentials you're using are not valid.
For example:
You're using a valid / existing credential from your company network locally:
CONTOSO\thdotnet
When publishing to Azure and trying to use the same credentials, it will fail unless you're using a VPN to allow your PaaS app to call the servers running in your company's network.

How to lock an API in APIM in Azure to a hosted web application in Azure?

I have been looking at various tutorials demoing how identity management works as well as API management in Azure, but I am not seeing an answer to my questions. I understand that managed identities can be used to authorize Azure resource-to-resource communication, but I am not seeing how this is done for a web application. Say, for example, I have an Angular website being hosted on an nginx server in an AKS cluster. I understand that I could use identity management to create identity resources that make it so that the AKS and APIM are authorized to connect with one another, but how would I do this for the running Angular application? This application is running in the client's browser, so it seems like this identity management mechanism would not work. How does one secure an APIM so only a given web application can interact with it?
You could secure your API in APIM with a client certificate; then, when the app accesses the API, validate the incoming certificate and check certificate properties against desired values using policy expressions.
For more details, see "How to secure APIs using client certificate authentication in API Management".

Securing API App Service sitting behind Azure API Management

I have a design issue that I've been struggling with in Azure. I have created a .NET Core API and deployed it as an App Service in Azure. On top of that, I have an instance of Azure API Management with OAuth 2 securing it. I was able to achieve this by following this tutorial:
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
So, the API Management instance is secured with policies and rate limiting, but the back-end URL is wide open and requires no authentication. What is the best process to secure the back-end URL?
You can add the APIM public IP to the access whitelist of your App Service to make sure only APIM requests will be able to access your App Service. For how to set IP restrictions, you may refer to this doc: https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-ip-restriction-rules-in-the-portal
