Securing your web app in Azure

by Frans Lytzen | 29/04/2018

So you have deployed your web app to Azure. Now, how do you go about making it secure? I gave a talk on this topic at DotNet Oxford on 24 April 2018 and recorded it. You can view the video below.

The video runs through a scenario using an ASP.Net Web App hosted on Azure App Service and covers a number of features you can use to improve your security - as well as a number of features that are not available for App Services.

The talk covers a lot of ground in an hour and everything is kept at a high level, but is nonetheless heavy on examples and code. Watching the video myself, I realised I say "Okay" and "So" way, way too much. Sorry...


James World made this nice sketch note of the talk, reproduced with permission. Sketch note


The source code is on GitHub.

Some key timings

Use SSL11:03
Virus scanning20:01
WAF21:00
Vnet23:20
Azure Key Vault26:10
Managed Service Identity27:50
Use Key Vault and managed identify to store secrets29:55
ASP.Net Core configuration with Key Vault31:55
Connect to Azure SQL with Managed Identity (or not)36:27
Encrypt data at rest38:00
Require secure transport40:30
SQL Always Encrypted41:40
Storage client-side encryption (not shown)52:00
Use Azure AD to access Azure53:25
Use Azure AD to access Azure SQL54:05
Supporting Security tools in Azure56:50
Detection57:45

Originally posted on Frans' blog.


Share this article

You Might Also Like

Explore more articles that dive into similar topics. Whether you’re looking for fresh insights or practical advice, we’ve handpicked these just for you.

Design, Code, AI: Behind the Scenes of Our Craft IT Logo Generator and Gallery

by Marcin Prystupa | 07/07/2025

A behind-the-scenes look at how we built two interactive apps for the Craft IT conference booth – and how I, a UX designer, ended up deep in React code with a little help from AI.

AI Isn’t Magic: Why Predictive Accuracy Can Be Misleading

by Frans Lytzen | 15/04/2025

One of the biggest misconceptions in AI today is how well it can actually predict things – especially things that are rare. This is most directly applicable to Machine Learning (as they are just statistical models) but the same principle applies to LLMs. The fundamental problem is the same and AI is not magic. In reality, AI’s predictive power is more complicated. One of the key challenges? False positives—incorrect detections that can significantly undermine the value of AI-driven decision-making. Let’s explore why this happens and how businesses can better understand AI’s limitations.

From Figma Slides to Svelte Page in Under an Hour – How I Accidentally Proved My Own Point

by Marcin Prystupa | 10/04/2025

A quick case study on how I went from a Figma presentation to a working Svelte page in less than an hour – with the help of AI and some clever tooling.

Contact Us

NewOrbit Ltd.
Hampden House
Chalgrove
OX44 7RW


020 3757 9100

NewOrbit Logo

Copyright © NewOrbit Ltd.