13 Maret 2012 19:36
I have a requirement where I need to allow only a set of URLs for "outbound" calls from the Windows Azure application. It looks like Windows Firewall only allows specifying IP Addresses. IP Addresses can be dynamic and can cause security/maintenance issues if I were to go down that route.
Is there a recommended approach in Windows Azure Platform for imposing outbound restrictions by URLs (or domain names) instead of IP Addresses?
14 Maret 2012 7:55Moderator
According to your description, if you want to allow a set of customers or users access your Windows Azure application, i think authentication is a better method for achieving your goals, you can maintain a authentication module for it, such as Access control service in Windows Azure, you can add many identity providers with ACS (ADFS, WIF, WS-Federation, Windows Live, Google, etc). Check this link for more details about ACS:
Hope it can help you.
14 Maret 2012 20:08
ACS can be used to control "inbound" access to the Azure Application. What I would like to do is allow "outbound" access only to a specific set of endpoints (URLs). These endpoints could be a 3rd party web services our app is using.
Does ACS have any support for something like this?
Today we can use Windows Firewall to do this type of set up by IP Addresses. However, the firewall does not allow configuring host names. We don't want to depend on IP Addresses since they are subject to change. So, any alternatives here when doing this type of thing in Azure?
15 Maret 2012 2:19Moderator
Why do you want to control "outbound" access from Azure VM? If your application only access the specific set of endpoints, Azure VM will not access other endpoints, you need only maintain these set of endpoints.
- Ditandai sebagai Jawaban oleh Arwind - MSFTModerator 21 Maret 2012 10:37