Using Azure App Service for authentication and as front-end for Azure API

Question

Using Azure App Service for authentication and as front-end for Azure API

hampton123 1,175

I want to use an Azure App Service as a frontend for my Azure APIM instance, not only to secure my API but to also act as a user-friendly login system for my API. How would I go about doing this? Are there any templates that exist that I could start with?

Accepted answer

1 additional answer

Your answer

Answer 1

Sina Salam 22,191 Volunteer Moderator

@Hunter B

Welcome to Microsoft Q&A and thank you for posting your questions here.

To understand your question, you would like to use Azure App Service for authentication and as front-end for Azure API, also; you would like to know how to go about doing this and if there any templates that exist that you can use for a start.

Yes, you can use Azure App Service as a frontend for your Azure APIM instance.

To use for front-end for Azure API, Authentication, how to go about it and different work around and scenarios could be found in the link below.

Create a Front Door for a highly available global web application.

The link will guide you to use step by steps for standard/premium or classic with images.

Hope you find this helpful! To let the community and other users know this answer is useful, kindly vote for it. Do not hesitate to contact if you have more questions.

Best Regards,

Sina

hampton123 1,175 Reputation points

2023-06-30T16:38:19.5433333+00:00

Hi @Sina Salam , thank you for the response! It's good to know that I can use Azure App Service as a frontend for my Azure APIM instance.

Is there a way I can only allow users to sign into this frontend using their information from Azure APIM? I only want to manage external users in my APIM instance, so I would prefer they make an account through APIM first, then use those credentials to log into the web app allowing them access to the API.
Sina Salam 22,191 Reputation points Volunteer Moderator

2023-07-01T20:37:35.7566667+00:00
@Hunter B

Absolutely possible, and thanks to @Pramod Valavala for more points and mentioned function app as best options.

Depend on your background and experience on Azure Development. You can learn about Azure Functions in the following links:

Getting Started with Azure Functions Tutorial

Azure Functions Overview

Guidance for developing Azure Functions

Now, to create an Azure Function with authentication enabled, you can follow the steps outlined in this link: Azure Function Authentication Microsoft Tutorial.

The tutorial will show you how to configure authentication for Azure App Service or Azure Functions so that your app signs in users with the Microsoft identity platform (Azure AD) as the authentication provider.

Hope you find this more helpful! Let me know if you have more questions.

Best Regards,

Sina
hampton123 1,175 Reputation points

2023-07-03T15:09:03.59+00:00

Hi @Sina Salam thank you for the response! What about if I only want external users to use their Users made with APIM to log into the API? Is this possible? See I have a web app now that allows Azure AD users to sign in, however I only want users within my organization to be able to use Azure AD, while external users use their account/User made with APIM to be able to log in.
Sina Salam 22,191 Reputation points Volunteer Moderator

2023-07-03T22:50:53.22+00:00

@Hunter B

If you want external users to login, you can get the App ID and App Secret values that you obtained from identity provider like google, yahoo, or any other you want.

You can also set up Google external login in ASP.NET Core by resetting the ClientSecret in the Google API Console after publishing the app to Azure. Set the Authentication:Google:ClientId and Authentication:Google:ClientSecret as application settings in the Azure portal.

Likewise, every others.

You can do more or read more right in this link on how to:

Implement API authentication and authorization.

Configure Google authentication.

Hope this information help you.

Regards,

Sina

Answer 2

Pramod Valavala 20,656 Microsoft Employee Moderator

@hampton123 I'm unsure if there is any readily available template for this but the best way to do this would be to create a function app with authentication enabled, and a single function that forwards all requests including authentication information to APIM.APIM policies could be used to validate the token and/or perform authorizations based on the scopes present as required.

Since the Function App is serverless and is simple, it should scale well with your application. For cross region deployments and/or for redundancy, you would just deploy multiple instances of this function app with the same authentication settings.

hampton123 1,175 Reputation points

2023-06-30T18:33:58.4366667+00:00

Hi Pramod, thank you for your response. I was thinking that I could use the <validate-jwt> policy in APIM to only accept authorized users for my API. Individuals in my organization also recommended that I find a template, and I've ended up using this template shown here: https://learn.microsoft.com/en-us/azure/active-directory/develop/web-app-quickstart?pivots=devlang-nodejs-msal&tabs=windows.

The issue is that I 1) do not know how to integrate this with APIM and 2) I do not know how to only allow Users who have made an account with APIM to sign into this system.
hampton123 1,175 Reputation points

2023-06-30T19:18:09.6866667+00:00

For the Azure Functions you were talking about, how would I create the first function with the authentication enabled? And also, would the second function only be there to actively take the authentication information and pass it to APIM?

Share via

Using Azure App Service for authentication and as front-end for Azure API

1 additional answer

Your answer