Securely Publish On-Prem Batch API

Andrew France
2021-03-19T10:25:33.83+00:00

Hi,
We have an internal web application for administration, which needs to be available externally as well as internally. The Azure Application Proxy works perfectly for this, but there is one problem. The access to the Batch API is within the same address as the user portal, and requires direct access. So to make this work we need to set the pre-auth to passthrough, which means we rely on the security of the web app login to be robust, and we cannot use conditional access.

On TMG we got round this by pinging off the path /api, but this doesn't appear to be possible in the Azure Application Proxy.

What we would like is for the main user portal to have Azure Active Directory pre-auth enabled, whilst still allowing access to the Batch API.

So far I have set up URL Rewrite on an internal IIS server, and I am able to swing the API requests through this on a separate app with a unique name. Maybe this is the solution?

If anyone has any idea on a better way of doing this, I'd love to hear from you. As you can tell from the above, I'm no expert at API access!

Thanks,
Andrew
