Question
I'm slowly getting up and running with ASP.NET Core web applications and I want to put my project online in order to be able to use it (and therefore know how to improve it) - also with mobile devices. But since I am at a learning stage where I am not aware of all the measures I should take to make it bullet-proof, I want to secure my web application against possible misuse (at this point I have a pay-as-you-go plan and the usage is so low that it costs me only about one dollar per month).
I have the plan to move the website from "playground for myself" to "open for everyone" when the right time has come, therefore I am only interested in solutions that possibly scale.
I want to configure my Azure website in the easiest fashion so that only I (with my specific Microsoft account) can sign in to my website. My preferred way would be to leave the code untouched and configure everything directly in the Azure portal (provided that it would also allow me to open it up at some time in the future for any user who is willing to sign in with their Microsoft account). I also want my website to have a link to sign me out (which is important to have around when accessing the website from a computer not belonging to me).
I have seen samples where authentication is added in the code of the web application and I know I could implement a database to take care of users who can sign in, but this is not what I am looking for. Maybe it's too early for me (and my minimal understanding of ASP.NET web applications) to go online with what I have created, but I have gathered very fruitful experiences from "use what you build", especially in early learning stages in the past.
Answer 1:
It's pretty easy to set an Azure Web App to require Azure AD authentication. If you use the express settings outlined here, you will have a secured site that only users in your Azure AD tenant can see/use. Once you are ready to go live, you can easily remove this to allow unauthenticated access.
- In the Azure portal, navigate to your App Service app. In the left navigation, select Authentication / Authorization.
- If Authentication / Authorization is not enabled, select On.
- Select Azure Active Directory, and then select Express under Management Mode.
- Select OK to register the App Service app in Azure Active Directory. This creates a new app registration. If you want to choose an existing app registration instead, click Select an existing app and then search for the name of a previously created app registration within your tenant. Click the app registration to select it and click OK. Then click OK on the Azure Active Directory settings page. By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
- (Optional) To restrict access to your site to only users authenticated by Azure Active Directory, set Action to take when request is not authenticated to Log in with Azure Active Directory. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Azure Active Directory for authentication.
- Click Save.
Source: https://stackoverflow.com/questions/55435435/how-to-configure-an-azure-website-so-that-only-specific-users-can-access-it
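The answer notes that App Service authenticates users but leaves authorization to the app. The following is an added example, not code from the question or the answer, of an allowlist check on the identity headers App Service authentication injects, together with the sign-out link the question asks for. It assumes a .NET 6+ minimal-hosting project with implicit usings; the account name `me@example.com` is a constructed placeholder.

```csharp
using System.Net;

// Assumption: accounts allowed to use the site (constructed placeholder value).
var allowedUsers = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
{
    "me@example.com"
};

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

app.Use(async (context, next) =>
{
    // App Service authentication sets these headers after a successful sign-in.
    // They are only trustworthy when the app runs behind App Service with
    // authentication switched on; anywhere else a client can send them itself.
    var idp  = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-IDP"].ToString();
    var name = context.Request.Headers["X-MS-CLIENT-PRINCIPAL-NAME"].ToString();

    // Fail closed: a missing header, another provider or an unlisted account gets 403.
    var authorized = idp == "aad" && name.Length > 0 && allowedUsers.Contains(name);
    if (!authorized)
    {
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        context.Response.ContentType = "text/html";
        // Offer sign-out so a different account can be used on a shared computer.
        await context.Response.WriteAsync(
            "Not authorized for this site. <a href=\"/.auth/logout\">Sign out</a>");
        return;
    }

    await next(context);
});

app.MapGet("/", (HttpContext ctx) =>
{
    // Encode the name before echoing it into HTML.
    var name = WebUtility.HtmlEncode(
        ctx.Request.Headers["X-MS-CLIENT-PRINCIPAL-NAME"].ToString());
    // /.auth/logout is the App Service endpoint that ends the session.
    return Results.Content(
        $"Signed in as {name}. <a href=\"/.auth/logout\">Sign out</a>", "text/html");
});

app.Run();
```

Opening the site to more users later means adding entries to the allowlist or removing the middleware, while the portal configuration stays as it is.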