In previous article we looked at how to secure an Azure Function with Azure API Management, in an effort to only allow resources within the Azure tenant access.
Could the same thing be done with a Web Api hosted in App Services?
Surprisingly, it was just as easy to implement.
You setup Express Auth through Authentication/Authorization just like we did with the Azure Function.
The policy for the Api Operation looks a little different, we set the base-url attribute of the set-backend-service node using the Web Api Endpoint, e.g. https://my-webapi.azurewebsites.net, instead of setting the base-id attribute.
|
1 2 |
<authentication-managed-identity resource="https://my-webapi.azurewebsites.net" /> <set-backend-service base-url="https://my-webapi.azurewebsites.net" /> |
That’s it!
Easy authentication for allowing Azure Resources access to a Web Api hosted in App Services.
Note, this is NOT authorization, for now, that would need to be handled by code, but for back-end services this is an easy and code-less way to add authentication.