This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am currently working on a solution for a client which has the following requirements:
Since there is no user authentication happening within the Angular application, I am thinking of hosting it inside an ASE (application service environment). Managing the communication between the micro-frontend and the Angular application will be done using Application Gateway.
Can someone advise me on whether this is the correct approach infrastructure-wise or are there things that I have forgotten to consider? Appreciate the help!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 34%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
I have more questions than answers at this point, but can you validate there is no other information needed from the on-premise network to the cloud application? It looks like you are passing a JWT, wouldn't it be better to do authentication in the hosted web application as well, and point it back at the on-premise network? It seems like someone could craft a JWT and intercept / get access to the hosted application. I think you technically can set that up okay, but "should" you do it I can't answer. Also since you are using a browser you can expect CORS to not be your friend. I don't expect this is the answer but wanted to chime in with my opinion.
Hi Anthony, thank you for your inputs. Yes, no other information aside from the JWT is needed from the client's network.
It's not possible to perform authentication in the hosted web application since the user database (IDP) is in the client's domain. This is the reason why I'm thinking of securing the application via the network layer.
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Looking at the configuration from a architectural stand point, the network connection between the networks would succeed.
However, we cannot comment on the behavior of the JWT Token behavior. We would suggest you to deploy a test environment and make sure the set up is working as expected.
Should there be any break fix issues, you can let us know and we shall try our best to address your queries.
Cheers,
Kapil
Reaching out to check if there are any questions on this.
Please let us know if we can be of any further assistance here.
Thanks,
Kapil
@KapilAnanth-MSFT , all is good now, thank you.
I recommend you look into the private endpoints option that you can explore. With this, you could establish a secure channel between multiple tenants. Refer to the below diagram
There is reference documentation available on this topic in Microsoft Learn.
Hope this helps