I am planning on using an outsourcing team for data processing and want to avoid them downloading or storing client data on their local machines. To facilitate this, I want to create an Azure VM in which they can do all their work (msoft office, etc.) and access an ASP MVC app hosted as an app service in Azure. The MVC app is integrated with the corporate AD and for the outsourcing logins I want to see if the request is coming from my VM or the internet (the latter gets denied). So far I have: Created a ASP MVC5 app and an Azure VM Connected the two via VPN (point to site) When I attempt to go to the public URL for the website on the VM, I get the "this page can't be displayed" thing, which leads me to believe I'm on the right track (now I have to update the hostfile of the machine to the private IP of the mvc app service app?). How do I do the following: Connect to the app service via web browser (this needs to be over the vnet so that I can pick and choose in the app code who can login outside the network) Get the network ip of the app service so I can update the VM hostfile Am I on the right track here? Thanks in advance!

azureazure-web-app-serviceazure-active-directory

Reputation: 1092

Connect to Azure App Service from Azure VM

I am planning on using an outsourcing team for data processing and want to avoid them downloading or storing client data on their local machines. To facilitate this, I want to create an Azure VM in which they can do all their work (msoft office, etc.) and access an ASP MVC app hosted as an app service in Azure. The MVC app is integrated with the corporate AD and for the outsourcing logins I want to see if the request is coming from my VM or the internet (the latter gets denied). So far I have:

Created a ASP MVC5 app and an Azure VM
Connected the two via VPN (point to site)

When I attempt to go to the public URL for the website on the VM, I get the "this page can't be displayed" thing, which leads me to believe I'm on the right track (now I have to update the hostfile of the machine to the private IP of the mvc app service app?). How do I do the following:

Connect to the app service via web browser (this needs to be over the vnet so that I can pick and choose in the app code who can login outside the network)
Get the network ip of the app service so I can update the VM hostfile

Am I on the right track here? Thanks in advance!

Upvotes: 0

Answers (2)

Soma

Reputation: 3

you may want to try using cloud service, though MS recommends App Service, you requirement doesn't fit into App service..

Official documentation from MS: https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks-common

Block a specific IP address You can restrict an Azure web role access to a set of specified IP addresses by modifying your IIS web.config file. You also need to use a command file which unlocks the ipSecurity section of the ApplicationHost.config file.

Upvotes: 0

Kaushal Kumar Panday

Reputation: 2467

Your understanding of Azure App service is not accurate. Azure App service cannot be accessed via a private IP. They already sit inside a private vnet. They can be only accessed via public hostname with a common DNS name (azurewebsites.net)

Your scenario requires the Azure Web app and the VM to reside in the same VNET, which is not possible. There is another offering called ILB ASE, which allows you to do this. But it's a more elaborate setup. See this for more information: Using ILB with AN ASE

In your scenario you can restrict access to the web app via IP Restrictions module. See this article: IP & Domain Restrictions in Azure App Service

I understand this not the solution u wanted. What you want can be achieved via ILB ASE, but that is an expensive and elaborate set-up.

HTH

Upvotes: 1

Connect to Azure App Service from Azure VM

Answers (2)

Related Questions