In this Azure tutorial, we will discuss a complete tutorial on Azure Web Apps that includes What is Azure web app, etc.
Table of Contents
- Azure Web Apps
- What is Azure Web App
- Benefits Of Azure Web App
- Azure web App architecture
- Azure web app authentication
- Enable the web app authentication and authorization for the back-end application
- Enable the web app authentication and authorization for the front-end application
- Grant permission to the front end to access to the back end
- App Service Configuration to return a user access token
- Call API from the server code
- Azure Web App Example
Azure Web Apps
Azure Web App provides a platform to build different kinds of mobile applications or web applications. There is no need to deploy, configure, and maintain your Azure virtual machine.
What is Azure Web App
Azure Web App provides a hosting service that developers can use to develop different kinds of mobile applications or web applications.
Benefits Of Azure Web App
There are various benefits of using Azure Web App
- Supports multiple languages like Java, .Net, PHP, etc
- It supports continuous deployment and integration
- High availability and scalability support.
- Supports other platform integration. It can easily integrate with other platforms.
- No need to take the headache for the maintenance of the infrastructure.
- It supports different operating systems like Windows, Linux, etc.
In terms of deploying the Web Apps
- It supports deployments of web apps by using Visual Studio, WebMatrix, etc.
- It supports copying different files manually by using FTP
- Easy Synchronization of files and folders to OneDrive or Dropbox
These are the details on What is Azure web app? is and the key benefits of using the Azure Web App.
Azure web App architecture
The architecture below shows how various Azure services fit together.
Resource group: This is a logical container containing all the Azure resources.
App Service plan: This provides the managed virtual machines that host your applications.
Azure App Service: This platform for creating and deploying your mobile or web applications.
Azure DNS: This is a hosting service for the Domain. You can create and maintain your domains.
Storage bolb: Azure storage account with a blob container used to store the diagnostic logs.
Azure Active Directory: For authentication purposes.
Azure web app authentication
This service has built-in support for authentication and authorization.
To configure the authentication for the back-end apps, you can use the below steps
- Login to the Azure portal (https://portal.azure.com/)
2. Search for the Resource groups
3. Click on the search result Resource groups and select your resource group from the list.
4. Now, from your resource group page, click on the Overview tab. select your back-end application from the list.
5. In your app’s page left menu, select Authentication / Authorization.
- Select the App Service Authentication as On.
- Select Log in with Azure Active Directory for Action to take when request is not authenticated option.
- Under Authentication Providers, you need to select Azure Active Directory.
6. Click on the Azure Active Directory. Select Express for the Management mode from the Azure Active Directory Settings page.
- Keep the other options, and then select the OK button.
- Or you can select the Existing AD App for the Management mode options.
- Select your Azure AD App by clicking that option. Now click on the OK button and click on the Save button. You will see a notification on Successfully saved.
- Select Authentication / Authorization again. Click on the Azure Active Directory(Configured) option
- Now, you can see the Azure app you have created. Click on the Azure AD App.
- Copy the client ID to your notepad. Click on the OK button.
Above, we have already discussed how to enable the web app authentication and authorization for the back-end application
To enable the web app authentication and authorization for the front-end application, Follow the steps above but skip the last step, which is to copy the client ID. No need to do this step.
The back-end app now requires Azure Active Directory sign-in from the front-end app. To do this, you need to configure the three things
- Grant permission to the front end access to the back end
- Configure App Service to return a usable token
- Use the token generated above in your code
Grant permission to the front end to access to the back end
We need to do the following configurations to grant permission to the front-end access to the back end.
- Log in to the Azure portal (https://portal.azure.com/)
- Search for the Azure Active Directory
- Click on the App Registrations link. Now, you click on the front-end app name under All Applications.
- Now, click on the API permissions link from the front-end application page.
- Click on the Add Permission button under the Configured Permissions section.
- From the Request API permissions page, please search for your back-end app under the APIs my organization uses tab.
- Click on the back-end app.
- Select the Delegated permissions button under What type of permission does your application require?
- Tick(select) the user_impersonation option under the Permission option.
- Now click on the Add Permissions button.
- Now you can see that user_impersonation permission has been added successfully.
App Service Configuration to return a user access token
In this step, we will configure the App Service authentication and authorization to give you a user access token for accessing the back-end application.
- Now search for the App services. Click on the front-end web application and then click on the Resource Explorer link from the left menu under Development Tools.
- Click on the Go button from the Resource Explorer window. Now Azure Resource Explorer is opened with your front-end app selected in the resource tree
- Select the Read/Write option at the top.
- In the left browser, go to config > authsettings.
- In the authsettings view, click Edit and set the below value for “additionalLoginParams”. Here, the client ID is the ID of the back-end app that you have copied earlier.
"additionalLoginParams": ["response_type=code id_token","resource=<Client id of your back end application>"],
- Now, you click on the Put button to save the changes.
Check out: Azure Web App Service Plan
Call API from the server code
Here, in this step, we will enable our code to make authenticated calls to the back-end API
In your class file in the front-end application, in the constructor, You mention the below code
public override void OnActionExecuting(ActionExecutingContext myappcontext)
new AuthenticationHeaderValue("Bearer", Request.Headers["X-MS-TOKEN-AAD-ACCESS-TOKEN"]);
Save all your changes. In the local terminal window, deploy your changes to the front-end app. You can use the below git commands to deploy
git add .
git commit -m "Authorization Header"
git push frontend master
Azure Web App Example
Find an Example of an Azure Web App now.
You may like the following Azure tutorials:
- Azure Web App vs App Service
- Azure web app for containers vs AKS vs container instances
- Azure Domain name service
- Why is Azure So Expensive? The Areas You Are Neglecting and Their Solutions
In this Azure tutorial, We discussed a complete tutorial on Azure Web Apps. I hope you enjoyed this article !!!
I am Bijay, a Microsoft MVP (10 times) having more than 17 years of experience in the software industry. During my IT career, I got a chance to share my expertise in SharePoint and Microsoft Azure, like Azure VM, Azure Active Directory, Azure PowerShell, etc. I hope you will learn from these Azure tutorials. Read more