Colbs

Reputation: 597

Securing API App Service sitting behind Azure API Management

I have a design issue that I've been struggling with in Azure. I have created a .NET Core API and deployed it as an App Service in Azure. On top of that, I have an instance of Azure API Management with OAuth 2 securing it. I was able to achieve this by following this tutorial:

https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

So, the API Management instance is secured with policies and rate limiting, but the back-end URL is wide open and requires no authentication. What is the best process to secure the back-end URL?

Upvotes: 5

Views: 4347

Answers (2)

Sven

Reputation: 2535

Another way would be to enable Private Endpoint on your App Service. This way, APIM can connect privately to the App Service without the need for public internet connectivity.

See more:

https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint

Upvotes: 0

Stanley Gong

Reputation: 12153

You can add the APIM public IP to the access whitelist of your App Service to make sure only APIM requests will be able to access your App Service. For how to set IP restrictions, you may refer to this doc: https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-ip-restriction-rules-in-the-portal

Upvotes: 6
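An added example, not part of either answer: a small audit of an App Service IP restriction list that checks the gateway is the only address allowed through. The field names follow the ARM `ipSecurityRestrictions` site-config property; the addresses are constructed documentation-range values, and the evaluation order (ascending priority, first match wins, implicit deny-all once any rule exists) is an assumption stated in the code.

```python
import ipaddress

# Constructed sample data; 203.0.113.10 stands in for the APIM public IP.
APIM_IP = "203.0.113.10"
RULES = [
    {"name": "allow-apim", "ipAddress": "203.0.113.10/32", "action": "Allow", "priority": 100},
]
TOO_BROAD = RULES + [
    {"name": "temp-debug", "ipAddress": "0.0.0.0/0", "action": "Allow", "priority": 50},
]


def decide(rules, source_ip):
    """Return 'Allow' or 'Deny' for source_ip.

    Assumed semantics: rules are evaluated in ascending priority order, the
    first match wins, an empty list allows everything, and a non-empty list
    ends with an implicit deny-all.
    """
    if not rules:
        return "Allow"
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if addr in ipaddress.ip_network(rule["ipAddress"], strict=False):
            return rule["action"]
    return "Deny"


def audit(rules, expected_ips):
    """List findings: allow rules wider than the gateway, or a blocked gateway."""
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    findings = []
    if not rules:
        findings.append("no restrictions: backend reachable from any address")
    for rule in rules:
        if rule["action"] != "Allow":
            continue
        net = ipaddress.ip_network(rule["ipAddress"], strict=False)
        # Only a single-address rule that names a known gateway IP is accepted.
        if net.num_addresses != 1 or net.network_address not in expected:
            findings.append(f"{rule['name']}: allows {net}, wider than the gateway")
    for ip in expected_ips:
        if decide(rules, ip) != "Allow":
            findings.append(f"gateway {ip} would be denied")
    return findings
```

An IP allowlist only proves the request came from the gateway's address, so it complements rather than replaces the OAuth 2 validation done in APIM.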
