I have an application that consists of a "front-end" website, and a back-end web API. Iwant the end users of my application to be able to access the front-end website, but ionly want the front end to be accessible to the end users. The back-end should be locked down so it is only callable from the front-end.
Please suggest some better solution, I have tried multiple things but did not get any proper solution.
Then you asked an invalid question. The so called "front-end" is just HTML+JavaScript, so everything is visible to your end users, and they can feel free to call your back-end in the same way. There is no way to prevent your end users from doing so (things like headless Chrome are even more convenient for them). Don't waste your time on such, but harden your back-end with proper authentication/authorization.
Have you tried to use service endpoint for App Service?
Here is some references that could be helpful:
I tried service endpoints, after that my web app is not able to connect with API app, getting 403 IP forbidden error.
8 People are following this question.
