NL | EN
Menu
Securing backend AppServices with VNET integration
 3 Minutes
 Backend & Cloud
 18 January 2021

Securing backend AppServices with VNET integration

Securing your backend AppService is not something you think of in the first place. A backend AppService could be called directly by suspicious persons with bad intensions. By securing your backend AppService, you will prevent backend APIs to expose critical data or that the AppService cost are increased by consuming more resources then actually needed.

Problem scenario

You have a web application that exists of a frontend AppService and a backend AppService. Normally, you would setup two AppServices that communicate with each other through HTTP calls. The frontend AppService calls the backend AppService and the backend AppService retrieves the data from a data source and returns the result back to the frontend AppService. This is a very common scenario within the Azure topology. 

The problem with this common scenario is that a suspicious person can call the backend AppService directly from anywhere in the world. Although the underlying AppService virtual machines are protected by Microsoft, it's still externally accessible instead of only being available for the consuming service

Appservice common scenario

Target scenario

To prevent direct connection from the internet, an Azure Virtual Network will be used to restrict access to the backend AppService by using IP-restriction. See below diagram.

restricted api

This illustration shows that the HTTPS traffic runs through the virtual network instead of the Internet. As a result, it is not possible to gain remote access to the backend by a malicious user.

Platform

To realize the platform, a number of Azure resources and configuration changes are needed.

Needed Azure resources

  • An Azure account and subscription
  • Azure Virtual Network with a delegating subnet
  • Azure AppService or an Azure Function as a backend (Api)
  • Azure AppService for the frontend (Web)

Steps (tutorial)

 A 3-step plan explains how azure resources are created and how azure resources can be configured to meet the target scenario.

Do you have questions about securing backend AppServices? Get in touch, we'll be happy to help.

  • azure
  • cloud
  • security
  • backend

Pascal is specialized in designing and developing Microsoft .NET applications both on-premise and in the cloud (Azure) based on SCRUM methodology. He values qualitative and maintainable code, using design patterns and (cloud) principles as much as possible.

All cookies accepted? Start exploring!
We use cookies to give you the best experience and to analyse how you use our website, these cookies are necessary for our website to function and cannot be switched off in our systems. We call these essential cookies as they are used to ensure site security and to provide core functionality. Without this type of technology, our website won't work properly. We also allow third parties to use tracking technologies for similar purposes. These cookies are used by social media services to enable you to share our content with your friends and networks.
View our privacy statement