Your company wants to move its web apps to the cloud, and they’ve asked you to evaluate Azure App Service. In this module, you’ll explore the key components and value of Azure App Service, understand how it manages authentication and authorization, learn methods to control inbound and outbound traffic to your web app and deploy an app using Azure CLI commands.
Explore Azure App Service
Azure App Service is a service that hosts web applications, REST APIs, and mobile backends. It supports various programming languages and frameworks, and you can easily scale your applications on both Windows and Linux-based environments.
Auto Scaling
Azure App Service allows you to scale your resources up or down based on usage. You can adjust the underlying machine’s resources, such as the number of cores or amount of RAM, to match your app’s needs. Scaling out or in allows you to increase or decrease the number of machine instances running your web app.
Continuous Deployment
The Azure portal provides built-in continuous integration and deployment with services like Azure DevOps, GitHub, Bitbucket, FTP, or a local Git repository. You can connect your web app to any of these sources, and App Service will automatically sync your code and future changes.
Deployment Slots
With deployment slots, you can use separate slots for deploying your web app instead of the default production slot. This feature is available in the Standard App Service Plan tier or better. Deployment slots are live apps with their own hostnames, and you can swap content and configurations between different slots, including the production slot.
App Service on Linux
Azure App Service supports hosting web apps natively on Linux and running custom Linux containers. It offers built-in images for popular languages and frameworks such as Node.js, Java, PHP, Python, .NET, and Ruby. If your required runtime isn’t available in the built-in images, you can deploy a custom container.
App Service Plans
In App Service, your app always runs in an App Service plan, which defines the compute resources for your app. You can choose the operating system, region, number and size of virtual machine instances, and pricing tier for your App Service plan. Different pricing tiers offer varying features and scaling capabilities.
Scaling and Isolation
You can scale your App Service plan up or down at any time by changing the pricing tier. If you want to isolate your app’s compute resources or need additional capabilities, you can move your app to a separate App Service plan.
Deploying to App Service
App Service supports both automated and manual deployment methods.
Automated Deployment
You can automate deployment directly from sources like Azure DevOps Services, GitHub, and Bitbucket. Azure DevOps Services allows you to build, test, and deploy your code, while GitHub and Bitbucket enable direct deployment. These automated methods minimize the impact on end users and speed up the deployment process.
Manual Deployment
App Service offers several options for manual deployment. You can use Git by adding the App Service web app’s Git URL as a remote repository. The webapp up command in the Azure CLI packages and deploys your app. Additionally, you can use Zip deploy by sending a ZIP file of your application files via HTTP utilities or deploying through FTP/S.
Deployment Slots
When deploying a new production build, it’s recommended to use deployment slots. By using slots, you can deploy your app to a staging environment and then swap it with the production slot. This swap operation ensures a smooth transition with no downtime.
Authentication and Authorization in App Service
Azure App Service provides built-in support for authentication and authorization, allowing you to sign in users and control access to data without writing extensive code.
Built-in Authentication
Azure App Service offers out-of-the-box authentication integration with various identity providers, such as Microsoft Identity Platform, Facebook, Google, Twitter, and more. You can integrate multiple login providers without requiring specific language or security expertise.
Authentication Flow:
App Service’s authentication module handles user authentication, token validation, and session management. It runs separately from your application code and can be configured through Azure Resource Manager settings or a configuration file. The authentication flow depends on whether you use the provider’s SDK for sign-in or delegate sign-in to App Service.
Authorization Behavior
You can configure App Service to allow unauthenticated requests or require authentication for all incoming traffic. You can also set up access restrictions to limit access to specific IP addresses or implement redirection to identity providers for authentication.
Token Store
App Service provides a built-in token store where authentication tokens associated with users of your web app or API are stored. Enabling authentication with any provider makes this token store available for your app.
Network Features in App Service
By default, apps hosted in App Service are accessible through the internet and can reach internet-hosted endpoints. However, for more control over inbound and outbound network traffic, App Service offers various networking features.
Multi-Tenant Networking
App Service operates in a multi-tenant environment, where different customers share the same scale unit. To control inbound traffic, you can use features like app-assigned addresses, access restrictions, service endpoints, and private endpoints.
Outbound Addresses
Worker VMs in App Service have outbound addresses used for making outbound calls. These addresses are shared among all apps running on the same worker VM family in the App Service deployment. You can find the outbound IP addresses currently used by your app in the Azure portal or through Azure CLI commands.
Conclusion
Azure App Service is a powerful platform for hosting web applications, REST APIs, and mobile backends. It provides features like auto-scaling, continuous deployment, deployment slots, and built-in authentication and authorization. By understanding App Service plans, deployment options, and networking features, you can effectively deploy and manage your applications in the cloud.