I had developed an Azure WEB Application and published in Azure Web Services.
I need to restrict an access through internet and allow only to INTRANET.
Azure web app service is publicly accessed through the Internet. If you want to restrict an access through the internet and allow only to Intranet. You can put the Azure web app service in an Internal Azure App Service Environment so that this Web App isn't publicly accessible as it is sitting in a subnet inside a Virtual Network and it isn't exposed to the internet. Also, The Azure app service can communicate with the on-premise environment via VPN. For more ref: Networking considerations for an App Service Environment
However, the Isolated ASE is expensive. If you want it cheap and simple and the Web App does not need to access on-prem resources. You can put an IP restriction in the web.config or use AD authentication. Refer to this.
Related
I installed a MVC 5 web application on a cloud hosted server. It uses Windows authentication. The company itself uses a different domain than the servers in the cloud use.
For example. The company uses xycom as domain and the cloud computers use xycloudcom as domain.
The xycloudcom servers have access to the AD controller of the xycom domain.
Now I installed an application on the cloud server. It has only Windows Authentication enabled and all works fine when accessing from a computer and account in xycom domain.
The only issue is that I am not able to open the website from the server itself. It opens a dialog asking me for my credentials. If I enter them (my xycom account) I get a 401 Unauthorized.
If I enable Anonymous authentication I can open the web site. So it's not a DNS issue.
Can someone help to solve this issue since I need to trigger an action by a console application in ScheduledTasks using a web request.
Server is Windows 2012 R2.
You will not be able to open the site from the server, if that server is not on the same domain.
The integrated windows authentication would work only if there is a trust between your Cloud VM's domain and the xycom comain.
Hope this helps.
Our asp.net site needs to call standalone WCF service (in the same domain).
Application pool runs under Network Service account and impersonation is not used.
We also do not want to use credentials for accessing WCF as they require managing them for different environments and deployment configurations.
Is it possible to restrict the access to WCF from this account at particular machine of the domain (web server)?
Can we achieve this with web.config settings?
I have been struggling to find some resources that help explain, how we use the File Storage with Web App Service.
There are ways to use it with the old Web Roles, Check here (Using the Azure File Service in your Cloud Services (Web and Worker Roles)).
However, there is NO OnStart() methods in "Azure Web Service".
If you're looking for mapping a drive to your Azure File Service share in your Web App using SMB protocol, then I don't think you can do as of today.
What you could do is make use of Azure File Service REST API and manipulate shares and files that way. You don't have to actually use the REST API per se; you can simply use the latest version of .Net Storage Client library which is a wrapper over REST API.
Please see this link for more details on how to use this using Storage Client library: https://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-how-to-use-files/.
Yes, you can. In Linux Web Apps and Windows Containers Web Apps only.
In the Web App, under Application Settings you will find Mount storage (Preview) section where you can mount Storage account. Works like a charm.
I have a WebAPI based master web service which provides a list of Azure Service Bus Relay endpoints for on-premises WCF services based on the client who logged onto the Master Service via a WPF desktop App using ADAL Azure Active Directory logon. This works fine, and the master service returns a Service Bus endpoint for the client who logged in.
The client can then connect to the WCF on-premises service via the returned Service Bus endpoint no problem.
However there are certain methods in the on-premises WCF service which need to impersonate the calling client-user and this is where I am stuck. Does anyone know of a way to be able to impersonate a client who has called a WCF service via the Azure Service Bus relay?? I can't "log the user on" in order to impersonate them because I don't know their domain password, I only have available their logon UPN.
You can potentially solve this problem in the same way I did when writing a paper about flowing an identity through azure service bus queues. You would need to have elevated priveledges for your service account running the on premise service which may introduce a vulnerability depending on how your solution works but if you can mitigate that then this approach would work.
The paper is on the following link:
Flowing a Windows Identity through Azure Service Bus Queues
http://microsoftintegration.guru/publications/whitepapers/
Hope this helps
Mike
I have a WCF service using wsHttpBinding and Windows Authentication hosted in an intranet environment.
Currently I am trying to host that service into Azure VM. Service is not able to authenticate as it is outside local domain.
Please let me know the steps or rather the configuration, I would need for achieving Windows Authentication. IIS configuration WCF web.config configuration etc.
There is a wealth of information at http://azure.microsoft.com/en-us/documentation/services/active-directory/
If you want to using your domain login's. There are a few approaches to doing this depending on your requirements and this documentation is very good in guiding you to the right solution.