Creating a web server proxy for static website in Azure - azure

I have a static website in Azure that's hosted using the blob storage account. I need to make requests from this website to services hosted in other domains. In order to handle CORS, I need to build a forward proxy server that handles the requests from client and forwards them to the requested service. Similarly, response from the services will be forwarded to the client. What is the recommended way to achieve this?

You can write an Azure Function (with consumption plan) using your favourite programming language. Just send requests from front end to the Azure Function, then once you get the reply from 3rd party servers, return it to the front end.
PS: use the Http Trigger binding
https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook?tabs=csharp

Related

Securing Azure Function Endpoints used by Public Web App

I have an Azure Static Web App developed using Angular (let's say my company homepage) which needs to be publicly accessible w/o authentication. If I wanted some dynamic content on the home page which comes from a database (i.e. news items or a product list), are there any ways to "secure" an Azure Function endpoint that supplies this data to the front end.
"secure" == I'd like to limit access of the endpoint to just my Azure Static Web App.
I'd also like to set up a function that listens for IPN requests from PayPal and so I'd like to configure that function to only be accessible from PayPal.
I see that I can configure CORS to only allow specific domains access to a function -- is this my best option?
There are two ways to look at it,
(i) Azure has APIM Service which allows to secure certain endpoints and is probably the best way how to handle Azure Functions endpoints for public.
(ii) You can also secure the functions by adding application gateway and whitelist the IP address of the Application gateway in the function or you can build functions inside a vnet using the azure environment service.
You can read more about Securing Azure Functions here

How do requests from clients to an API get routed through the gateway hosted on Azure?

I'm not entirely new to MS Azure, but I am new to its API Management Service. I am trying to get an understanding of how the routing works between the client, the APIMS, and the backend APIs, but somehow can't seem to find what I'm looking for within Microsoft's documentation.
So here's what we have and what I understand:
We have multiple APIs that we host on Azure as App Services. And those APIs are added to the APIMS, which we are using as a gateway. The APIMS's Inbound policies on each API specifies the backend service as that App. But that's all I know.
So when a client, say an application running on someone's computer, sends a request to one of those APIs, how does its request URL end up routing through the gateway? And how does that all relate?
the request URL is made up as follows:
[name of your APIM service].azure-api.net/[name of api]/[api method]/[querystring]
example:
https://myapimanager.azure-api.net/myapi/getstudent?id=1
https://myapimanager.azure-api.net/myotherapi/getsomethingelse?name=bubbles

Enabling Communication between different webroles on Azure Cloud

We are trying to build a cloud service on Azure. We have 3 webrole instances running. What are the possible ways to proxy the requests that we get on a webrole to some other webrole.
For Example,
I have the following 2 web roles running: webrole0, webrole1.
I get a request on webrole0. Based on some parameters either webrole0 can serve the request or the request needs to be proxied to webrole1. How do I make this proxying of the request possible?
If you are looking for the path based routing you can go with Azure Application Gateway. If you want to route traffic to web roles based on the request parameters, you need to go with third party NVAs like F5 to check if that satisfies your routing needs.

Azure Api gateway for web apps instead of apis

Is it possible to have an kind of api gateway to redirect requests for different web apps?
Foe example:
Domain: abc.com
Abc.com/ -> abc-com-home.azurewebsites.net
Abc.com/map -> abc-com-map.azurewebsites.net
And every request in teh apps should use rhe same pattern.
Thank you!
Is it possible to have an kind of api gateway to redirect requests for different web apps?
Per my understanding, you could leverage the Set backend service policy to redirect an incoming request to the related back-end. Also, you could leverage the path-based rule for the application gateway with your azure web apps to distribute your request(s) to the relevant azure web app. Details, you could follow here.
Abc.com/ -> abc-com-home.azurewebsites.net Abc.com/map -> abc-com-map.azurewebsites.net
Per my understanding, I would map a custom domain (Abc.com) for abc-com-home.azurewebsites.net, then I would leverage the URL Rewrite for my abc-com-home.azurewebsites.net to redirect the request(s) to the related azure web apps based on the request path.
Yes, the application gateway can do it, but you must do it via powershell. If you need SSL, the you must configure for end to end ssl since webapps cant be a a virtual network.
https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-powershell

Can HttpClient on an Azure WebRole with only internal endpoints call out to an external URL?

I have an Azure solution containing an MVC application, hosting some Web API controllers that constitute a RESTful API, and a back end WCF service. The MVC app is on a Web Role with a public http endpoint. The WCF application is on another Web Role, with no public endpoints. The MVC app communicates with the WCF service using a ChannelFactory over a discovered internal http endpoint.
I would like to keep this configuration, but I need a component within the WCF service implementation to be able to call a method on the RESTful API, using HttpClient.
My question is: with only an internal endpoint, does my back end web role have the connectivity to allow HttpClient to work like this?
At first glance I would not expect it to, but I note that it does have the capability to use the Azure Storage Client library to obtain resources from Azure Blob and Table storage, and I believe these calls are executed using http to an external URL (unless Azure does something clever to enable these calls under the hood).
Internal endpoints are for inbound traffic. Your WCF service, in turn, can absolutely make outbound calls. As you've already noticed, you're using the storage client library, and storage is a separate endpoint (RESTful, in fact), not a part of your deployed cloud service.

Resources