Restrict Access to my Azure Web App only to my web job?

Question

I am trying to restrict access to my azure web app only to one of my web jobs. Can I use IP Restrictions to achieve this.

Answer 1

To achieve this type of restriction, IP Based restriction will not be of use for the following reasons:

• There might be other applications(owned by you, in case of standard above plans, or other customer apps in case of free/shared planes) that will be running on the same server and those also will have access to your web app.
• There is no fixed outbound IP for your web job as it might be moving to different instances (in case you have multiple instances in your app)

A quick and easy solution for your original problem is:

1. Implement either BASIC Auth (username/pwd) or Bearer token Auth on your web app side.
2. From your web Job (in the Invoke-WebRequest) pass either the username/pwd or auth token based on whichever auth mode you choose.

Here are a few links that discuss implementing Basic Auth for Azure Web Apps and how to call such an app via PowerShell:

1. How to use the script (Invoke-WebRequest -Uri) to pass a parameter to your page Use Invoke-WebRequest with a username and password for basic authentication on the GitHub API

2. How to use a C# code in the Web App to authenticate the request parameter
   https://learn.microsoft.com/en-us/rest/api/datacatalog/authenticate-a-client-app

Since with basic authentication, credentials are passed in plaintext an can be easily decoded, we recommend that the web job calls the WebApp URL over SSL. Also, Basic Auth is one of the simplest authentication mechanisms, there are other more complex authentication schemes available too that you might want to explore.