Deploying a protected ASP.NET Core web API and calls the API from Desktop application

In this guide, we will deploy our project component, TodoListService to Azure App Services.

Table of Content



We will deploy our web API on Azure App Services.

Publish the Web API

There are two ways to publish the app:

  • Publish using Visual Studio
  • Publish using Visual Studio Code

Publish using Visual Studio

Follow the instructions at Publish a Web app to Azure App Service using Visual Studio.

Publish using Visual Studio Code

Using a command line interface such as VS Code integrated terminal, follow the documentation Publish an ASP.NET Core app to Azure with Visual Studio Code.

Configure the Web API

On the App Services portal, click on the Configuration blade and set the stack property to .NET Core.


Disabling Azure AD authentication

Still on the App Services portal, click on the Authentication/Authorization blade. There, make sure that the App Services Authentication is switched off (and nothing else is checked), as we are using our own authentication logic.


Modify app.config

  1. Open the TodoListClient\app.config file
  2. Find the key todo:TodoListBaseAddress and replace the existing value with the Resource Uri that you've just obtained in deploying TodoListService on App Service (e.g.
  3. Re-build and run your client application.


Here we discuss some of the more important aspects of deploying multi-tenant application suites.

Known Issues

  • In case you receive the HTTP Error 500.30 - ANCM In-Process Start Failure error for your Web API on Azure App Services, try adding this line to TodoListService/TodoListService.csproj and re-deploy your project:
       <AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel> // Add this line

[!NOTE] Did the sample not work for you as expected? Did you encounter issues trying this sample? Then please reach out to us using the GitHub Issues page.

Consider taking a moment to share your experience with us.

More information

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact with any additional questions or comments.