使后端API仅可通过Azure API管理访问 [英] Make back end APIs only accessible via Azure API management

问题描述

我在Azure中部署了多个Web API，但未应用身份验证，因此任何可以访问Internet的人都可以访问Web API.

I have multiple Web APIs deployed in Azure without applying authentication, so anyone has access to internet has the access to the Web APIs.

现在，我想对Web API应用身份验证，而不是在不同的Web API中实现相同的身份验证逻辑，我发现Azure API网关(API管理)是一个潜在的解决方案.

Now I would like to apply authentications to the Web APIs, instead of implementing the same authentication logic in different Web APIs, I found Azure API gateway (API management) is a potential solution.

借助Azure API管理文档，我了解到我可以应用诸如 validate-jwt 之类的策略来验证对后端Web API的请求.但是，后端Web API的端点仍可供用户使用.

With Azure API management documentation, I learned I can apply policies like validate-jwt to authenticate requests to back end Web APIs. However, endpoints of the back end Web APIs are still available to users.

那么，我应该如何隐藏它们?我必须定义一个子网还是Azure API管理具有此功能?

So, how should I hide them? Must I define a sub network or does Azure API management have a feature for this?

推荐答案

最近我也遇到了同样的问题.最后，我通过使用"IP限制"功能找到了解决方案.请参阅以下步骤:

Recently I also had this same problem. Finally I found the solution by using 'IP Restrictions' function. See the following steps:

1)转到Azure门户中的"API管理概述"页面，复制VIP.

1) Go to your API management Overview page in Azure portal, copy the VIP.

2)在您的Web APP中>联网

2) In your Web APP > Networking

3)粘贴到您的VIP中

3) Paste in your VIP

这篇关于使后端API仅可通过Azure API管理访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！