Microsoft Azure: Azure App Service Deployment and Security

goay xuan hui
3 min readJul 10, 2021

--

What does Azure App Service do?

Now, most of the websites have moving pieces like shopping carts that require a server to host these things and process them.

This is where Azure App Service comes in. It is basically a platform that allows us to write our backend codes, store them and deploy them.

What does Azure App Service mean to Developers?

It is a Platform as a Service (PaaS). The beauty of having a platform that a VM is that you can just focus on writing your codes, use the tools that you are familiar with without having to worry about updating or patching your VMs.

Deployment and Staging Slots under Azure App Service

Under each app service plan, you can deploy multiple app services. Each app services can have slots like deployment or staging slots.

Deployment Slot: https://live.azurewebsites.net

Staging Slot: https://live.azurewebsites.net

Staging Slot allows you to do testing in staging environment before pushing it into production environment and also move forwards and backwards in your commit (redo button :).

The coolest thing is you can even test whatever you working in stage environment is working properly and not going to break by configuring testing in production.

Security Aspects under Azure App Service

  • If authentication is needed to access the web application, ensure App Service Authentication is set on Azure App Service.
1. Login to Azure Portal using https://portal.azure.com 
2. Go to App Services
3. Click on each App
4. Under Setting section, Click on Authentication / Authorization
5. Ensure that App Service Authentication set to On
az webapp auth show --resource-group --name --query enabled
-- The output should return true
  • If the app needs to connect to other Azure services like Azure SQL Database, ensure that “Register with Azure Active Directory” is enabled on App Service. Managed service identity in App Service makes the app more secure by eliminating secrets from the app such as credentials in the connection string.
1. Login to Azure Portal using https://portal.azure.com 
2. Go to App Services
3. Click on each App
4. Under the Setting section, Click on Identity
5. Ensure that Status set to On
az webapp identity show --resource-group --name --query principalId
-- The output should return unique Pricipal ID
  • Encryption keys, certificate thumbprints and managed identity credentials can be coded into the App Service, this renders them visible as part of the configuration. To maintain security of these keys, it is better to store in them in Azure Keyvault and reference them from the Keyvault.
1. Login to Azure Portal using https://portal.azure.com 
2. Go to Key Vaults
3. Ensure that key vault exists and keys are listed

References:

(549) Azure App Service Web Apps | Azure Friday — YouTube

What is Azure App Service, App Service Plans and App service Environment? — Bing video

(551) Testing in production with Azure App Service | Azure Friday — YouTube

--

--

goay xuan hui

A food lover, a cyber security enthusiast, a musician and a traveller, so you will see a mix of different contents in my blog. ☺️