How to secure a frontend app service calling a backend app service

Pratik Pragnya Tripathy 0 Reputation points
2023-09-05T08:14:57.09+00:00

We have 3 app services (ui, be, wf); all the app services are in a private network. The UI app service is linked with a custom domain for direct use. There are some features which need the intervention of the backend, so while calling the backend service, it won't happen as it was in a private network. So we have to get a custom domain for the backend app service to get it accessed by the frontend app service.

So is there any way we can secure the backend service, because there is a lot of crucial data there?

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. Ben Gimblett 4,560 Reputation points Microsoft Employee
    2023-09-05T10:06:00.7233333+00:00

    Hi @Pratik Pragnya Tripathy - thank you for posting the question.

    What you actually do should be based on your overall requirements - as some features add complexity and additional cost which could otherwise be avoided if not required.

    We would need more details about what you're doing and what those requirements are, but for a very short high level answer:

    • If the only public access is via the UI/Front end app and that app is "virtual network integrated" then the other apps can be accessed over a private endpoint and the access through the public endpoint for those other apps can be turned off.
    • You have the option of using either Azure Front Door or Application Gateway which both have a Web-Application-Firewall (WAF) feature, if you need that extra layer of functionality in front of your apps. If you did then it would be possible to broker public access to the front end / UI through either Front Door or Application Gateway and have the rest of the network path private.
    • Whatever you do or don't do with the network path, it's important you have good authentication and authorization. It is common that some public facing web sites have some anonymous content, but generally content is only accessible once a user is logged in. In addition, it's good practice to have authorization between front end and backend and any other dependent services/databases.
    • Logging and App performance monitoring are also important.
    • Any database, storage or cache used should have controls from a network perspective (where applicable) as well as authorization.
    • It is also possible to incorporate a L3/4 firewall for customers who have that requirement (for example where dependencies are required on-premises or from another network).

    Please let us know more about your requirements and we can give you advice on how to achieve those requirements in Azure using App Service (and other services).

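The first bullet of the answer above (UI app VNet-integrated, backend reachable only over a private endpoint with its public endpoint turned off) can be expressed as a Bicep template. This is an added example, not part of the original answer; every parameter name, the resource names and the API versions are assumptions, and the virtual network, its two subnets and the App Service plan are assumed to exist already.

```bicep
// Added example: all names and parameters below are hypothetical.
param location string = resourceGroup().location
param uiName string               // the public-facing "ui" app
param backendName string          // the "be" app holding the sensitive data
param planId string               // resource ID of an existing App Service plan
param integrationSubnetId string  // subnet delegated to Microsoft.Web/serverFarms
param peSubnetId string           // subnet that hosts private endpoints

// UI app: outbound calls leave through the VNet (regional VNet integration).
resource ui 'Microsoft.Web/sites@2022-09-01' = {
  name: uiName
  location: location
  properties: {
    serverFarmId: planId
    httpsOnly: true
    virtualNetworkSubnetId: integrationSubnetId
  }
}

// Backend app: the weak setting is publicNetworkAccess 'Enabled',
// which leaves the backend reachable from the internet.
resource backend 'Microsoft.Web/sites@2022-09-01' = {
  name: backendName
  location: location
  properties: {
    serverFarmId: planId
    httpsOnly: true
    publicNetworkAccess: 'Disabled' // only private endpoint traffic is accepted
  }
}

// Private endpoint that gives the backend an address inside the VNet.
resource backendPe 'Microsoft.Network/privateEndpoints@2023-04-01' = {
  name: '${backendName}-pe'
  location: location
  properties: {
    subnet: {
      id: peSubnetId
    }
    privateLinkServiceConnections: [
      {
        name: '${backendName}-plsc'
        properties: {
          privateLinkServiceId: backend.id
          groupIds: [
            'sites'
          ]
        }
      }
    ]
  }
}
```

Name resolution is not included here: the UI app needs the `privatelink.azurewebsites.net` private DNS zone linked to the VNet so that the backend's hostname resolves to the private endpoint address. Network isolation does not replace the authentication and authorization between front end and backend that the answer also calls for.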
