question

AndrewFrance-5844 avatar image
0 Votes"
AndrewFrance-5844 asked MarileeTurscak-MSFT commented

Securely Publish On-Prem Batch API

Hi,
We have an internal web application for administration, which needs to be available externally as well as internally. The Azure Application Proxy works perfectly for this, but there is one problem. The access to the Batch API is within the same address as the user portal, and requires direct access. So to make this work we need to set the pre-auth to passthrough, which mean we rely on the security of the web app login to be robust, and we cannot use conditional access.

On TMG we got round this by pinging off the path /api, but this doesn't appear to be possible in the Azure Application Proxy.

What we would like is for the main user portal to have Azure Active Directory pre-auth enabled, and whilst still allowing access to the batch api.

So far I have set up URL Rewrite on an internal IIS server, and I am able to swing the API requests through this on a separate app with a unique name. Maybe this is the solution?

If anyone has any idea an a better way of doing this I'd love to hear from you. As you can tell from the above I'm no expert at API access!

Thanks,
Andrew

azure-ad-application-proxy
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Andrew,

I apologize for the late reply. Have you looked through this article that goes over some of the options for securing on-premises applications?

The solution you listed sounds plausible but I am reaching out to the product team for further guidance around this scenario.

0 Votes 0 ·

0 Answers