Authentication for App Service App

  • Question

  • I am trying to create Authentication for an App Service app I have in the Azure Portal. I first attempted to use the Portal to create the authentication with the App Service App. App Services -> App Name -> Settings -> Authorization/Authentication. I followed the steps and set up authentication with a Microsoft Account. The initial setup was not painful and seemed to work well. Upon testing we discovered one major issue. The authentication allows anyone with a valid Microsoft Account to authenticate and log in to the app. This is definitely not what we were trying to do. My question... is there any way to force the authentication to specifically allow only a certain user? For instance, is there any way to use the service and change some setting that will only allow joesmith@outlook.com to authenticate and use the service?

    I also attempted to use the same process App Services -> App Name -> Settings -> Authorization/Authentication but instead chose Use Azure AD to authenticate users. This works very well but again with a major issue. Using this method seems to not only allow the user to authenticate to the App Service App but it also allows the user to log in to our Azure Portal. Is there any way to prevent the authenticated user from being able to log in to our Azure portal? We only want them to be able to access the App Service (web) application.

    Friday, July 22, 2016 7:45 PM

Answers

  • Using Microsoft Account authentication really isn't appropriate for restricting access to a web app. Social providers like Facebook, Twitter and Microsoft Account are really intended for allowing you to collect information about people who log into your app. For restricting access, Azure AD is the right provider to use. If you still want to use Microsoft Accounts (or another social provider) then you would need to implement the access control yourself - i.e. write code to only allow specific Microsoft Accounts to access the app.

    If you're using Azure AD as you suggested, it will absolutely NOT grant users access to your Azure Portal. The Azure AD configuration for your App Service app is completely unrelated to the Azure AD configuration for the Azure portal. I suggest double-checking your tests to make sure. Also, be sure to implement best practices like starting fresh in-private/incognito browser sessions when re-testing your assumptions.


    Saturday, July 23, 2016 12:28 AM
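
The answer's suggestion to "write code to only allow specific Microsoft Accounts" could look like the following allowlist check, shown as an added example that is not part of the original thread or any Microsoft sample. It assumes requests reach the app only through App Service with Authentication enabled, so the `X-MS-CLIENT-PRINCIPAL-NAME` and `X-MS-CLIENT-PRINCIPAL-IDP` headers are set by the platform; the provider value `microsoftaccount`, the `demo_app` function and the `call` helper are assumptions made for illustration.

```python
# Added example: allowlist enforcement behind App Service Authentication.
# Assumes the platform injects the X-MS-CLIENT-PRINCIPAL-* request headers.

ALLOWED_ACCOUNTS = {"joesmith@outlook.com"}  # address used in the question
ALLOWED_PROVIDERS = {"microsoftaccount"}     # assumed IDP value for Microsoft Account


def is_allowed(environ):
    """Return True only if the signed-in identity is on the allowlist."""
    name = environ.get("HTTP_X_MS_CLIENT_PRINCIPAL_NAME", "").strip().lower()
    idp = environ.get("HTTP_X_MS_CLIENT_PRINCIPAL_IDP", "").strip().lower()
    # Fail closed: missing headers, unexpected provider, or unlisted account.
    return bool(name) and idp in ALLOWED_PROVIDERS and name in ALLOWED_ACCOUNTS


class AllowlistMiddleware:
    """WSGI middleware that answers 403 for authenticated but unlisted users."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if is_allowed(environ):
            return self.app(environ, start_response)
        body = b"Forbidden: this account is not authorized for this app.\n"
        start_response("403 Forbidden", [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]


def demo_app(environ, start_response):
    """Hypothetical protected application."""
    body = b"Hello, authorized user.\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


application = AllowlistMiddleware(demo_app)


def call(headers):
    """Run one constructed request through the middleware; return (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", **headers}
    chunks = application(environ, lambda status, hdrs: seen.update(status=status))
    return seen["status"], b"".join(chunks)
```

Authentication still happens in the platform; this check only adds the authorization step the provider does not perform, and it rejects requests that carry no identity headers at all.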