7

For different reasons I'm using Azure's App Service to serve static files. I would like to secure this access by Http Basic Authentication which is enough for my purposes. How can I do that? I tried uploading .htpasswd but it does not seem to work.

I'm not using ASP.NET so no way to do it in code. In Azure's portal I see options like Google, Facebook, Twitter login under App Service -> Authentication/Authorization but it's huge overhead for me.

Tomasz Madeyski
  • 173
  • 1
  • 1
  • 6

3 Answers3

5

It is possible to enable Basic Authentication for Azure Web Apps with some settings in the applicationHost.xdt. You can load some modules in this file on the start of your Web App.

Steps:

  • Navigate to your WebApp in the Azure Portal
  • In the left menu, search for the header Development Tools an select Advanced Tools (Kudu)
  • Use the Debug Console > CMD tool, to navigate to the WebApp directory: \home\site
  • Create a file named: applicationHost.xdt
  • Paste the following:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <location path="%XDT_SITENAME%" xdt:Locator="Match(path)">
    <system.webServer>
      <rewrite xdt:Transform="InsertIfMissing">
        <allowedServerVariables xdt:Transform="InsertIfMissing">
          <add name="RESPONSE_WWW_AUTHENTICATE" xdt:Locator="Match(name)" xdt:Transform="InsertIfMissing" />
        </allowedServerVariables>
        <rules xdt:Transform="InsertIfMissing">
          <rule name="BasicAuthentication" stopProcessing="true" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
            <match url=".*" />
            <conditions>
              <add input="{HTTP_AUTHORIZATION}" pattern="^Basic dXNlcjpwYXNzd29yZA==" ignoreCase="false" negate="true" />
            </conditions>
            <action type="CustomResponse" statusCode="401" statusReason="Unauthorized" statusDescription="Unauthorized" />
            <serverVariables>
              <set name="RESPONSE_WWW_AUTHENTICATE" value="Basic realm=Project" />
            </serverVariables>
          </rule>
        </rules>
      </rewrite>
    </system.webServer>
  </location>
</configuration>
  • Change the Basic Auth to your liking (default in example is: user:password)
  • Make sure the web.config rewrite rules don't contain <clear /> as this wil remove the effects from the applicationHost.xdt file
  • Save the file and Stop and Start your WebApp (a simple Restart will not suffice)

Notes:

  • Not sure if this works on Linux based WebApps..
  • You can add this step to you're deployment pipelines by using FTP
  • Update: I've noticed issues with applicationHost.xdt while using it on secondary Web App slots. Only the primary slot seems to work.
The_Switch
  • 51
  • 1
  • 3
2

Currently, it is not possible. Azure webapp does not support this.

You could check this feedback.

Shui shengbao
  • 3,503
  • 1
  • 10
  • 20
2

Basic Authentication is not currently supported within Azure Web Apps via the Azure Portal.

However DevBridge provides an module which allows Basic Authentication to be enabled.

https://www.alexlindgren.com/posts/password-protect-azure-website-with-basic-authentication/

https://www.alexlindgren.com/posts/password-protecting-azure-websites-revisited/

https://www.devbridge.com/articles/basic-authentication-for-windows-azure-websites/

Source code https://github.com/devbridge/AzurePowerTools/tree/master/Devbridge.BasicAuthentication

Andrew
  • 393
  • 1
  • 3
  • 6