What is Azure web app?

In this azure tutorial, we will discuss What is Azure web app?. Apart from this, we will also discuss on the below topics

• Azure web App architecture
• Difference between Azure web app and Azure app service
• Azure web app authentication and authorization
• Enable the web app authentication and authorization for the back end application
• Enable the web app authentication and authorization for the front end application
• Grant permission to the front end to access to the back end
• App Service Configuration to return a user access token
• Call API from the server code

What is Azure web app?

Azure Web App provides a hosting service in Azure which developers can use to develop different kinds of mobile applications or web applications. 

Or Azure Web Apps provides a platform to build different kinds of mobile applications or web applications. No need to deploy, configure, and maintain your own Azure virtual machine. 

• Azure AD group membership PowerShell
• How to create and add members to Azure Active Directory Group

There are various benefits of using this

• Supports multiple languages like Java, .Net, PHP, etc
• It supports continuous deployment and integration
• High availability and scalability support.
• Supports other platform integration. It can easily integrate with other platforms.
• No need to take the headache for the maintenance of the infrastructure.
• It supports different operating systems like Windows, Linux, etc.

In terms of deploying the Web Apps

• It supports deployments of web apps by using the visual studio, WebMatrix, etc.
• It supports copying different files manually by using FTP
• Easy Synchronization files and folders to OneDrive or Dropbox

These are the details on What is Azure web app?

Azure web App architecture

The below architecture shows how various Azure services fit together.

Resource group: This acts like a logical container that contains all the Azure resources.

App Service plan: This provides the managed virtual machines that host your applications.

Azure App Service: This is the platform for creating and deploying your mobile or web applications.

Azure DNS: This is a hosting service for the Domain. You can create and maintain your domains.

Storage bolb: Azure storage account with a blob container which is used to store the diagnostic logs.

Azure Active Directory: For authentication purpose.

Difference between Azure web app and Azure app service

 Web App

• The web app is a part of the most popular Azure app service.
• This is is a fully managed service that helps to develop and deploy business-standard web applications
• You can create a web site with span of seconds with the help of this.
• This platform supports  .NET, Java, PHP, Python frameworks, etc

Some of the important features are

• Can easily integrate with TFS, GitHub, etc
• Supports continuous integration and deployment
• It can develop a highly secure and standard web application.

Azure app service

Azure app service is a fully managed Platform as a Service that provides all the services needed to create different web apps, mobile apps, API Apps etc.

This platform integrates Microsoft Azure Websites, Mobile Services, and BizTalk Services into one.

The key features of Azure app services are

• You can build operating system independent applications
• Create and host web apps and mobile apps in a span of seconds.
• Can easily build tools to automate the business processes
• Can easily integrate with Office 365, Salesforce, Dropbox, etc
• Supports multiple languages like Java, .Net, PHP, etc

Azure web app authentication and authorization

This service has built in support for authentication and authorization.

Enable the web app authentication and authorization for the back end application

To configure the authentication for the back end apps, you can use the below steps

Login to the Azure portal (https://portal.azure.com/)

Search for the Resource groups

Click on the search result Resource groups and select your resource group from the list.

Now from your resource group page, click on the Overview tab. select your back end application from the list.

In your app’s page left menu, select Authentication / Authorization.

Select the App Service Authentication as On.

Select Log in with Azure Active Directory for Action to take when request is not authenticated option.

Under Authentication Providers, you need to select Azure Active Directory.

Click on the Azure Active Directory. From the Azure Active Directory Settings page, Select Express for the Management mode.

Keep the other options as it is and then select the Ok button.

Or you can Select Existing AD App for the Management mode options.

Select your Azure AD App by clicking that option. Now click on the OK button and now click on the Save button. You will see a notification on Successfully saved.

Select Authentication / Authorization again. Click on the Azure Active Directory(Configured) option

Now you can able to see the Azure app you have created.click on Azure AD App.

Copy the client ID to your notepad. and click on the Ok button.

Enable the web app authentication and authorization for the front end application

Above, we have discussed already how to enable the web app authentication and authorization for the back end application

To enable the web app authentication and authorization for the front end application, Follow the steps as above but skip the last step that is to copy the client ID. No need to do this step.

The back-end app now requires Azure Active Directory sign-in from the front-end app. To do this you need to configure below three things

• Grant permission to the front end access to the back end
• Configure App Service to return a usable token
• Use the token generated above in your code

Grant permission to the front end to access to the back end

To grant the permission to the front end access to the back end, we need to do the following configurations.

Login to the Azure portal (https://portal.azure.com/)

Search for the Azure Active Directory

Click on the App registrations link. Now you click on the Front end app name under All applications.

Now from the front end application page, Click on the API permissions link.

Click on the Add permission button under Configured permissions section.

From the Request API permissions page, search for your back end app under APIs my organization uses tab.

Click on the back end app.

Select the Delegated permissions button under What type of permission does your application require?

Tick(select) the user_impersonation option under Permission option.

Now click on the Add permissions button.

Now you can see user_impersonation permission has been added successfully.

App Service Configuration to return a user access token

In this step, we will configure the App Service authentication and authorization to give you a user access token for accessing the back end application.

Now search for the App services. Click on the front end web application and then click on the Resource explorer link from the left menu under Development Tools.

Click on the Go button from the Resource Explorer window. Now Azure Resource Explorer is opened with your front-end app selected in the resource tree

Select the Read/Write option at the top.

In the left browser, go to config > authsettings.

In the authsettings view, click Edit and set the below value for “additionalLoginParams”. Here the client id is the id of the back end app which you have copied earlier.

"additionalLoginParams": ["response_type=code id_token","resource=<Client id of your back end application>"],

Now you click on the Put button to save the changes.

Call API from the server code

Here in this step what we will do is we will enable our code to make authenticated calls to the back-end API

In your class file in front end application, in the constructor, You mention like the below code

public override void OnActionExecuting(ActionExecutingContext myappcontext)
{
    base.OnActionExecuting(myappcontext);

    _client.DefaultRequestHeaders.Accept.Clear();
    _client.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue("Bearer", Request.Headers["X-MS-TOKEN-AAD-ACCESS-TOKEN"]);
}

Save all your changes. In the local terminal window, deploy your changes to the front-end app. You can use the below git commands to deploy

git add .
git commit -m "Authorization Header"
git push frontend master

Azure web app service plan

An App Service plan is nothing but a set of computing resources for a web app to run. When an app is running on the app service behind the scene, the app is attached to an app service plan.

When you are creating any Azure web app service plan you need to select a region for that. So as per the Azure web app service plan, the number of computing resources is getting created in that particular region.

An Azure web app service plan is based on the below factors

1. Region
2. Number of VM instances
3. Size of the VMs
4. Pricing tier

Regions are like East India, West India, Central India, East US, West US etc.

Number of VM instances includes how many VM instances you want to use for the Azure web App operations.

Size of the VMs includes what are the sizes of the virtual machines(VM) you are using as part of your business requirement like 1 GB, 5 GB, 10 GB, etc.

Pricing tier includes what are features you are using and how much you are paying for that.

Below are few categories based on the pricing and features

Shared compute: Free and Shared– These are the two base tiers, that runs an app on the same Azure virtual machine as other App Service apps. Apps for the other customers also run on the same virtual machines.

These two basic tires are meant only for development and testing purposes.

Dedicated compute: Basic, Standard, Premium, PremiumV2, etc – Here the apps under this plan run on the dedicated virtual machines. Apps from the other customers are not allowed to run here.

The PremiumV2 tire is the new one that provides virtual machines with faster processors, SSD storage and double memory features.

PremiumV2 features includes all the Premium features with some extra features.

The virtual machines under this PremiumV2 features comes with the below three sizes

• Small (1 CPU core, 3.5 GB memory)
• Medium (2 CPU cores, 7 GB memory)
• Large (4 CPU cores, 14 GB memory)

Isolated: This is tier that runs with dedicated Azure virtual machines on dedicated Azure Virtual Networks

App Service plan cost

For App Service plan, there is an hourly charge for all the tires except the Free tire plan

In the Shared tier, Based on CPU minutes you will get charged per hour.

For Basic, Standard, Premium, PremiumV2 tires, you need to pay for each VM instances per hourly basis.

In the Isolated tier, you need to pay for each worker in a hourly basis.

I have written an article on that. For more information on the pricing details refer to How to create an Azure web app using PowerShell

You may like following Azure tutorials:

• New-AzureRmResourceGroup: ‘this.Client.SubscriptionId’ cannot be null
• Azure Domain name service
• The term ‘Get-AzureRmVM’ is not recognized as the name of a cmdlet

Conclusion

In this Azure tutorial, We discussed

• What is Azure web app?
• Difference between Azure web app and Azure app service
• Azure web App architecture
• web app authentication and authorization in Azure
• Enable the web app authentication and authorization for the back end application
• Enable the web app authentication and authorization for the front end application
• Grant permission to the front end to access to the back end
• App Service Configuration to return a user access token
• Call API from the server code
• Azure web app service plan