Authenticate backend Webapp access

a8ree1 21 Reputation points
2020-11-13T15:47:36.81+00:00

I've got two Web Apps contained within the same App Service Plan. They are node.js with one operating as the client and the other as the server to the backend MySQL database.

Currently, anyone who knows about the server WebApp can access its URL and therefore the data. Whilst the database only contains public data, I'd prefer to restrict the access to the API that the server WebApp provides.

I enabled authentication with AAD for the server WebApp and restricted this. I am able to add in a test user and only it is able to authenticate to the server - which is good. I'm now trying to determine how I can give the client Web App access to the server WebApp.

Within the console, it appears that I can only add users.

Can someone give me a steer on what I need to do to?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,630 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Hill 27,686 Reputation points Microsoft Employee
    2020-11-16T03:50:31.687+00:00

    Hi @a8ree1 ,

    For your client app, you can use the system managed identity on your client app to delegate impersonation privileges to your back-end app. https://learn.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-windows#enable-authentication-and-authorization-for-back-end-app it a tutorial for how you can configure your front-end app.

    Feel free to comment below should you run into any issues.

    Regards,
    Ryan

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.