I need to access on-premise web API (endpoints) from web app deployed in Azure

Sarah 156 Reputation points
2021-11-14T16:35:36.537+00:00

On-premise Web API application uses internal URL (not public URL). Both applications (on-premise API and Azure web app) are registered under same Azure AD (single tenant). My app will be used by maximum of 50 concurrent users. I would like to know if I can use Hybrid connection in this scenario ? Or will 50 concurrent users be too many connections for Hybrid ?

Also, I checked the below link. Can anyone guide me, what would be appropriate App service networking feature (if possible cost effective one as well) to connect on-premise API and azure web app ?
https://learn.microsoft.com/en-us/azure/app-service/networking-features

Suppose if I mange to get public URL of on-premise API endpoint, can you please confirm if I can directly access the API endpoints from Azure web app without any networking configuration ?

Thanks in advance.

Azure App Services
Azure App Services
A feature of Azure App Service used to create and deploy scalable, mission-critical web apps.
4,325 questions
{count} votes

Accepted answer
  1. ajkuma 13,476 Reputation points Microsoft Employee
    2021-11-15T20:07:41.037+00:00

    @Sarah ,

    Yes, you can certainly use Hybrid Connection to connect from the Azure Web App to the on-prem Web API privately. Typically, it should be able to handle that amount of load (see Hybrid connection usable in plan). One thing to note is that if you can reach that on-prem Web API on HTTPS, then you need ensure that the Azure Web App can trust the certificate, which it would not if the on-prem cert is self-signed or internally issued.

    The only ways to connect privately to the on-prem API would be hybrid connection, or by bridging the on-prem network and an Azure VNET using VPN or Express Route. If you do not already have a VPN between on-prem and Azure, that's probably not a fine option for just a 1 single app. In this case, Hybrid Connection would be better [based on your requirement].

    Yes, Web App can make default outbound connections against any public endpoint without any extra networking configurations. You would only need to whitelist the outbound IPs of the Web App on the target service's firewall, in case you’re using firewall.

    Additionally, Within App Service, Hybrid Connections can be used to access application resources in any network that can make outbound calls to Azure over port 443.
    Hybrid Connections provides access from your app to a TCP endpoint and does not enable a new way to access your app.

    Please see this doc Azure App Service Hybrid Connections and blog for more details.


0 additional answers

Sort by: Most helpful