On the Web Api, enable the Private Endpoints feature. This will disable all public access and restrict access from within the VNET. This feature will require an unused subnet, which will then be used to allocate an inbound private IP Address
Restrict Access to API in Azure App Service
One Azure App service hosts a asp.net core API, another different Azure app service hosts a Web app. The web app can be accessed by end users that don't need to sign in (public). The web app calls the API. How can the API access can be restricted so that only the web app hosted in Azure can make calls, but end users cannot directly call the API end points, but the end users can still access the website (webapp)?
2 answers
Sort by: Most helpful
-
-
Ali Sufyan Butt 86 Reputation points MVP
2022-11-24T12:39:07.28+00:00 Hi Aqilancd,
A bit late but, see this, might help
https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies
Use Azure Api management