I have a website that is set up and running fine on Azure. However I can only seem to access it if I log in to my own Microsoft account. Is there any way to just allow all http traffic without requiring authentication?
Your site should be public accessible as long as you do not have any authentication setup.
e.g if your site is http://foo.azurewebsites.net, everyone should be able to visit your site.
if your question is to allow other people who do not have azure subscription to manage your site. you can assign Role permission to them see Azure Role-based Access Control for details
Related
This is our setup so far.
1)On production, we are hosting static web pages through Azure storage account, we have configured it on Frontdoor with a custom DNS.
We have a requirement such that few of the static web page urls should ask for basic authentication on the browser.
We have configured this on Frontdoor rulesetup based on url pattern.
So far, this works fine.
2)Now, the main issue is with replicating the same setup for UAT purpose. Since its UAT, we cannot expose it globally. It should be accessible to only the people connected to office network, either directly or through vpn.
If we configure it in Frontdoor, we have the risk of exposure.
If we do not configure it in Frontdoor, we can't have basic auth setup feature which we setup through Frontdoor Ruleset.
We have explored WAF(security) policy on Frontdoor, but we do not have a specific range of IP addresses that can be configured in WAF custom ruleset.
• To block the frontdoor URL for office network without blocking the basic authentication setup feature for a few web pages on the static website URL, you should configure the conditional access policy for this purpose.
To configure the conditional access policy for all the Azure AD users connecting in your office network, you will have to ensure that you have Azure AD Premium P2 licenses available and the devices through which users are connecting to the office network are joined/registered with Azure AD.
Please refer to the below snapshots explaining the configuration of Azure AD conditional access policy for this purpose: -
Thus, in the above way, you can block the front door URL from being accessed by people in the office network. You can configure the named locations also in this policy accordingly to block the access from these locations based on trusted IP ranges, added layer of authentication and country based locations too as shown above.
For more information, kindly refer to the below link: -
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-location
I have a "public" website deployed on azure. I want to get access only from a limited number of authorized tester persons.
I cannot use ip restriction because all of us have dynamic ip and we are dislocated all over the world.
Here the solution I have adopted, but I am not confindet is the correct.
I have enabled authentication.
I have also created users in active directory and added to my application:
Everything works. Now, before access to the website, people must login.
But... what I do not like is that people can access to portal azure with the email I have authorized on active directory. They do not see anything, but they can access into that directory. is there a way to avoid this?
Does exists a better solution to restrict access to my website?
Thank you
You can restrict access to Azure Portal with Azure AD conditional access
https://learn.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management
https://learn.microsoft.com/en-us/answers/questions/112173/can-we-restrict-azure-portal-httpsportalazurecom-a.html#:~:text=Yes%2C%20we%20can%20restrict%20access,Azure%20AD%20Premium%20P1%20License.&text=as%20shown%20below%3A-,Navigate%20to%20Azure%20Portal%20%3E%20Azure%20Active%20Directory%20%3E%20Security%20%3E%20Conditional,and%20Groups%20%3A%20Select%20required%20users.
I have a web app that I am hosting on Azure and would like to know how I can make that site accessable by only a security group/distribution list within Azure.
Now, the url is accessable by anyone even outside of my tenant which I am trying to avoid - What route would I go down to restrict it down to groups? I can't do it by users because there are 1,000+ users.
It appears like you can only restrict an Azure Web App access via IP addresses or virtual networks. Below is a quick summary. However, I have attached a link to the MS Docs that explains in more detail how to implement adding these restrictions.
Go to your service in the Azure Portal > Networking > IP Restrictions
Add Rule
Input IP/subnet mask
Note: After you add a rule, it will create an implicit deny by default for anything requests not matching the rules.
This link also may be helpful if you want to edit the web.config instead of using the Azure Portal.
Is it possible to use Azure Active Directory authentication with an intranet website?
I have a website that is only going to be available on my local network. I do not want this to be public. However, when I perform a test login using AAD and OAuth2 it wants to perform a redirect to a specific URL. Is it possible to do what I want or does this only work for public facing websites?
I have implemented a website that uses Azure AD B2C as its authentication mechanism.
Everything works great except I recently ran into a firewall issue with one of my clients. When the client redirects to either *.onmicrosoft.com and/or login.microsoftonline.com my client's corporate firewall blocks the routes. And to further complicate my situation my client's corporate firewall restrictions can not be changed.
Is there any work around that anyone can suggest such using a headless login workflow that is orchestrated within the web server that hosts my website or possibly using custom domains that my client trusts such as login.mycompany.com?
Both of the approaches have outlined would be the ideal ways to deal with this restriction, unfortunately neither are currently available in Azure AD B2C.
Both of them are listed in the Azure AD B2C feedback forum for you to support and keep track of their progress:
Customer-owned domains
Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library
I can't think of any other approach, which is a good thing otherwise, it would mean someone could easily spoof Azure AD B2C.
Ultimately, the right thing to do is to work with your client to ensure these and all the endpoints your applications needs, are allowed through the firewall.
Saca is correct, the customer owned domains feature could be used to change the domain name when it becomes available. Work has started, but it's still going to be some time before it's publicly available.
Regarding your client's firewall restriction that blocks login.microsoftonline.com. If it helps, there are some things that your client should be aware of. Blocking this domain doesn't just prevent application / Azure AD B2C scenarios, it blocks all Azure Active Directory sign-ins used for Microsoft Office 365 and Microsoft Azure. This means that if some other organization were to share Microsoft resources with one of the employees of your client's organization, they would be unable to access them.