How to implement Azure App Proxy for external mobile access to an internal service?

이 현무 60 Reputation points
2024-10-29T07:28:15.34+00:00

About using Azure App Proxy to access internal servers without using a VPN

I have an internal service that can be accessed from the outside via Microsoft entra id by specifying a URL.

I want to use this on mobile as well,

I have published a mobile service on my internal server through IIS and using it.

But if I want to use it externally, can I do the same thing?

And do I need to add a separate MSAL authorization to the mobile native app?

Do I need to send a token when calling the service to make the call?

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
240 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,093 questions
{count} votes

Accepted answer
  1. Shree Hima Bindu Maganti 1,585 Reputation points Microsoft Vendor
    2024-11-04T15:16:44.13+00:00

    Hi 이 현무 ,
    welcome to the Microsoft Q&A Platform!

    Yes, you can use Azure Application Proxy to enable secure external access to your internal service without needing a VPN. This works well for mobile access as well and integrates with Microsoft Entra ID (formerly Azure Active Directory) to provide secure, identity-based access.
    Set up Azure AD Application Proxy:

    • In Azure Active Directory, go to Enterprise applications > Application Proxy.
    • Register your internal application and set the Internal URL to your service hosted on IIS.
    • Use the generated External URL to access the service from outside.

    Enable Pre-Authentication:

    • Set Pre-authentication to Azure Active Directory to require Entra ID authentication.

    Integrate MSAL in Mobile App:

    • Use Microsoft Authentication Library (MSAL) in your mobile app to authenticate users and obtain access tokens.

    Send Access Token in Requests:

    • After authentication, add the access token to API requests with Authorization: Bearer <token>.

    Access the Service:

    • Use the External URL in your mobile app to call the proxied internal service securely.
      If the answer is helpful, please click "Accept Answer" and kindly upvote it.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.