Azure App Service Web App access to VM - azure

I am running a .NET website web app (App Service) and a separate Windows Azure VM running an on-prem AD domain controller. There is no connection between the on-prem AD and Azure AD. I want to access the Windows VM Active Directory (Azure VM) objects under my web app/website. Is it possible to access the Azure VM Active Directory objects through my website (web app)? And if yes, please suggest a secure way.
Thanks

Consider using Azure Virtual Network to put your resources (Web App included) into one virtual network. Then you should be able to query what you need. Tutorial. Or Web Apps Hybrid Connections.
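One way the web app could read AD objects once it can reach the domain controller over the virtual network, as an added example (not code from the question or the answer). The app setting names `AD_HOST`, `AD_BASE_DN`, `AD_BIND_USER` and `AD_BIND_PASSWORD` are hypothetical, and the sketch assumes the domain controller serves LDAPS on port 636 with a certificate the app trusts and that the bind account has read-only rights.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class AdLookup
{
    // Escape LDAP filter metacharacters (RFC 4515) so user input cannot alter the query.
    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    public static List<string> FindUserDns(string samAccountName)
    {
        // Hypothetical app settings; keep the password in a secret store, not in source.
        string host = Environment.GetEnvironmentVariable("AD_HOST");      // private DNS name of the DC
        string baseDn = Environment.GetEnvironmentVariable("AD_BASE_DN"); // e.g. DC=corp,DC=example
        var credential = new NetworkCredential(
            Environment.GetEnvironmentVariable("AD_BIND_USER"),           // read-only service account (UPN)
            Environment.GetEnvironmentVariable("AD_BIND_PASSWORD"));

        // Port 636 = LDAPS. The simple bind below is only sent inside the TLS session.
        var server = new LdapDirectoryIdentifier(host, 636);
        using (var conn = new LdapConnection(server, credential, AuthType.Basic))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;
            // Certificate validation is left at its default: do not install a
            // VerifyServerCertificate callback that accepts every certificate.
            conn.Timeout = TimeSpan.FromSeconds(10);
            conn.Bind();

            string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                            + EscapeFilter(samAccountName) + "))";
            // Request only the attribute the page needs instead of every attribute.
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "distinguishedName");
            var response = (SearchResponse)conn.SendRequest(request);

            var result = new List<string>();
            foreach (SearchResultEntry entry in response.Entries)
                result.Add(entry.DistinguishedName);
            return result;
        }
    }
}
```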

Related

Is it possible to access Azure Virtual Machine local site in Azure web App Service?

Can we host website in Azure Virtual Machine and access that in another website which in hosted as Azure web app service?
We have community website which we want to host on azure virtual machine and we want to update/get community website content using web API on website which is hosted as Azure Web App.
So is it possible to access Azure Virtual Machine local site in Azure web App Service?
It's possible to access Azure VM resources from Azure app service.
By default, the inbound and outbound traffic of Azure app services goes directly to the Internet. If the network interface of the Azure VM is assigned a public IP, and the websites in the Azure VM have been published to the internet, then you can access that Azure VM website from your app service, just like normal public websites do.
In addition, if you want to access the Azure VM website from your app service within the Azure virtual network, you can consider integrating your app with an Azure virtual network. VNet Integration is used only to make outbound calls from your app into your virtual network. The VNet Integration feature behaves differently when it's used with virtual networks in the same region and with virtual networks in other regions. In this scenario, you don't need to assign a public IP to the Azure VM.
For more information about connecting app service to the on-premise resources or the resources in another virtual network, you could refer to this blog.
Let me know if you need further help.

Windows Virtual Desktop why I need an AD sync to Azure AD

Why do I need a sync from on-premises AD to Azure AD for Azure Windows Virtual Desktop? It is in the requirements, but I do not understand the details why.
Regards
Stefan
Windows Virtual Desktop is at this time not compatible to run in a cloud-only environment with Azure Active Directory only.
There are two options supported.
• Local AD synced with AAD connect to Azure AD
If you are already using a local Active Directory synced with Azure AD Connect to Azure AD, this is probably your first choice of setup. You will need to add an Azure VPN to connect your LAN to an Azure network. The WVD hosts need access to a domain controller. For the best performance and functions, I also recommend setting up a virtual domain controller in Azure.
• Azure Domain Services
If you have gone cloud only and deprecated your local AD, Azure offers Azure Domain Services. This is an Azure managed domain that is synced from Azure AD to Azure DS.
http://www.tbone.se/2019/08/08/windows-virtual-desktop-part-2-requirements-and-infrastructure-setup/

Access on Premise resources using Azure AD Application proxy

We have configured Azure Active Directory pass-through authentication. We need to access on-premise resources from the Azure-deployed application. Can we do this by configuring Application Proxy, so that the on-premise application is authenticated with Azure AD and the communication between the Azure application and the on-premise application is seamless? Is it possible?
I'm not entirely sure if I understand you correctly but what you want is probably possible by using Azure Hybrid Connections: https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
You install the Hybrid Connector on-prem, e.g. on a VM, and then for instance an Azure App Service can access certain resources on-prem.
Or for anything more advanced you might want to look at Azure VPN (or ExpressRoute in the long run).

Access network file share from azure app service - web app - ASE in hybrid setup

There is an Azure web app in an Azure App Service ASE. It is linked to a VNet, and there is a point-to-site VPN between laptops/PCs connecting to the VNet from outside the cloud/on premises, forming a hybrid cloud setup of sorts. I am trying to see if a network file share/shared folder on a PC/VM in that VNet can be accessed from the web app (App Service). When I try this I get an unauthorized exception.
What options do I have?
Will having a cloud service web role instead of the web app help?
Or setting up a domain controller + AD in the VNet, adding VMs to the domain, and trying to access the share as a domain user (impersonation via code)?
Also, I am not sure whether, if I connect my laptop/PC to this VNet via point-to-site VPN, the laptop/PC will come under the domain that we created.
The use case behind this is to show some on-premises media (images, videos, etc., possibly of bigger sizes) on a web app running in Azure PaaS.
Please share your thoughts and comments.

Hosting a web application in Azure that consumes on premise web services and ActiveMQ

I'm looking at ways to host our web site in Azure. The web application consumes on-premise web services and sends/receives messages from ActiveMQ hosted on-premise. Is this possible? Any pointers will be helpful.
Short Answer: Yes, it's possible. Mixing Azure and On-Prem resources is what's called the Hybrid Cloud.
Long Answer:
You can use Azure App Service Environment to set up a Virtual Network with an Azure Web App that will allow for a VPN connection to be set up between your on-premises network and the Azure VNet. If VPN setup isn't an option for you, then you could use the Azure Service Bus Relay service to connect an on-premises WCF Web Service to the Azure Web App. Additionally, a BizTalk Hybrid Connection could be used to tunnel through the firewall between your on-premises resources and the Azure Web App. Hybrid Cloud is fully supported in Microsoft Azure and there are a few options to choose from depending on which fits your needs / scenario best.
You can create a VPN on Azure, add the web site to it and then create a site to point VPN connection to add the VM that has the on-premise web service to it.
Another solution, if your web service is developed in WCF, you can use Service Bus Relay with your web service, this will make it accessible from your Azure web site.
