Can CORS and CSRF be addressed by Azure Solution Offerings?

Rakesh J 21 Reputation points
2022-08-08T07:58:19.623+00:00

Hi Team,

Can anyone help me out? Can CORS and CSRF attacks be addressed by Azure Solution Offerings?


Accepted answer
  1. Lan Huang-MSFT 25,876 Reputation points Microsoft Vendor
    2022-08-08T09:26:42.687+00:00

    Hi anonymous user,
    You can check the following documents:
    Implement X-CSRF pattern:
    https://learn.microsoft.com/en-us/azure/api-management/policies/get-x-csrf-token-from-sap-gateway

    Tutorial: Host a RESTful API with CORS in Azure App Service--Enable App Service CORS support:
    https://learn.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-rest-api#app-service-cors-versus-web-api-cors

    Configure cross-origin resource sharing in FHIR service:
    https://learn.microsoft.com/en-us/azure/healthcare-apis/fhir/configure-cross-origin-resource-sharing
    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

  1. Sreeju Nair 11,621 Reputation points
    2022-08-08T08:39:14.77+00:00

    When you speak about security in Azure, it is a Shared Responsibility Model. The following link details the Shared Security Model.

    https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

    Also, it would be a good idea to refer to the Azure Security Benchmark here: https://learn.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark

    Now, to address your query about CORS and CSRF: Azure services handle these threats well, but the implementation depends on the individual service. For example, the following link helps you prevent CSRF in an Azure ML workload.
    https://learn.microsoft.com/en-us/azure/machine-learning/concept-secure-code-best-practice

    Another example is how you configure CORS in a storage account; refer to the link below.
    https://learn.microsoft.com/en-us/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services

    Basically, you need to go through the services; if you are developing applications, make sure your applications handle them well. For SaaS-based solutions, Azure handles application security (as shown in the shared responsibility model), and for PaaS, it is shared between you and Azure. For the IaaS model, it is purely your responsibility.

    When you develop applications with ASP.NET Core, the framework offers support for both CORS and CSRF. Refer to the following URLs.

    https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-6.0
    https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0

    Hope this helps

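The ASP.NET Core support mentioned in the answer above, as an added example that is not part of the original thread or of Microsoft's documentation: a minimal `Program.cs` for ASP.NET Core 6 that combines a restrictive CORS policy with antiforgery validation. The origin `https://app.example.com`, the policy name, the header name and the routes are assumptions chosen for illustration, and the front end is assumed to be same-site with the API so the default antiforgery cookie is sent.

```csharp
// Program.cs (ASP.NET Core 6 minimal API) - illustrative example only.
// Assumed placeholders: origin, policy name, header name, route names.
using Microsoft.AspNetCore.Antiforgery;

var builder = WebApplication.CreateBuilder(args);

const string SpaPolicy = "SpaOnly"; // hypothetical policy name

// CORS: explicit allow-list of origins, methods and headers.
// A wildcard origin cannot be combined with AllowCredentials().
builder.Services.AddCors(options =>
    options.AddPolicy(SpaPolicy, policy => policy
        .WithOrigins("https://app.example.com")
        .WithMethods("GET", "POST")
        .WithHeaders("Content-Type", "X-CSRF-TOKEN")
        .AllowCredentials()));

// CSRF: the request token is expected in this header on unsafe methods.
builder.Services.AddAntiforgery(options => options.HeaderName = "X-CSRF-TOKEN");

var app = builder.Build();

app.UseCors(SpaPolicy);

// Sets the antiforgery cookie and returns the matching request token,
// which the front end sends back in the X-CSRF-TOKEN header.
app.MapGet("/antiforgery/token", (IAntiforgery antiforgery, HttpContext ctx) =>
{
    var tokens = antiforgery.GetAndStoreTokens(ctx);
    return Results.Ok(new { token = tokens.RequestToken });
});

// CORS only governs which origins may read responses; a cross-site form
// POST still reaches the server, so state-changing endpoints validate
// the antiforgery token themselves.
app.MapPost("/transfer", async (IAntiforgery antiforgery, HttpContext ctx) =>
{
    if (!await antiforgery.IsRequestValidAsync(ctx))
        return Results.BadRequest("Missing or invalid antiforgery token");

    return Results.Ok("accepted");
});

app.Run();
```

When the app is hosted on Azure App Service, the tutorial linked in the accepted answer advises against using App Service CORS and application-level CORS together, because App Service CORS takes precedence and the application's own CORS code has no effect.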