{"id":1944,"date":"2018-11-28T00:00:00","date_gmt":"2018-11-28T00:00:00","guid":{"rendered":"https:\/\/azure.microsoft.com\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service"},"modified":"2023-05-11T15:35:46","modified_gmt":"2023-05-11T22:35:46","slug":"simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/","title":{"rendered":"Simplifying security for serverless and web apps with Azure Functions and App Service"},"content":{"rendered":"<p>Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic. That can\u2019t come at the cost of security, though, and it needs to be easy to achieve best practices. Fortunately, we have a whole host of capabilities in the App Service and Azure Functions platform that dramatically reduce the burden of securing your apps.<\/p>\n<p>Today, we\u2019re announcing new security features which reduce the amount of code you need in order to work with identities and secrets under management. These include:<\/p>\n<ul>\n<li>Key Vault references for Application Settings (public preview)<\/li>\n<li>User-assigned managed identities (public preview)<\/li>\n<li>Managed identities for App Service on Linux\/Web App for Containers (public preview)<\/li>\n<li>ClaimsPrincipal binding data for Azure Functions<\/li>\n<li>Support for Access-Control-Allow-Credentials in CORS config<\/li>\n<\/ul>\n<p>We\u2019re also continuing to invest in <a href=\"https:\/\/azure.microsoft.com\/services\/security-center\/\" target=\"_blank\" rel=\"noopener\">Azure Security Center<\/a> as a primary hub for security across your Azure resources, as it offers a fantastic way to catch and resolve configuration vulnerabilities, limit your exposure to threats, or detect attacks so you can respond to them. For example, you may think you&#8217;ve restricted all your apps to HTTPS-only, but Security Center will help you make absolutely sure. If you haven\u2019t already, be sure to give it a try.<\/p>\n<p>So, without any further ado, let\u2019s talk about the details of these new features!<\/p>\n<h2>Key Vault references for Application Settings (public preview)<\/h2>\n<p>At Microsoft Ignite 2018, we gave a sneak peek of a new feature that would allow apps to source their application settings from Key Vault. I\u2019m incredibly pleased to announce that as of today, this feature is available in public preview!<\/p>\n<p>More and more organizations are moving to secure secrets management policies, which is fantastic to see. <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/key-vault\/\" target=\"_blank\" rel=\"noopener\">Azure Key Vault<\/a> gives you one source of truth for your secrets, with full control over access policies and audit history. While the existing Application Settings feature of App Service and Azure Functions is considered secure, with secrets encrypted at rest, it doesn\u2019t provide these management capabilities that you may need.<\/p>\n<p>However, working with Key Vault traditionally requires you to write some new code. We\u2019ve found that many teams can\u2019t easily update every place their application works with secrets, particularly in legacy applications. Azure Functions triggers are also an issue, as they are managed by the platform. Both of these scenarios are addressed with this new feature.<\/p>\n<h3>Sourcing Application Settings from Key Vault<\/h3>\n<p>The Key Vault references feature makes it so that your app can work as if it were using App Settings as they have been, meaning no code changes are required. You can get all of the details from our <a href=\"https:\/\/aka.ms\/FuncKeyVaultRef\" target=\"_blank\" rel=\"noopener\">Key Vault reference documentation<\/a>, but I\u2019ll outline the basics here.<\/p>\n<p>This feature requires a <a href=\"https:\/\/aka.ms\/funcsystemassigned\" target=\"_blank\" rel=\"noopener\">system-assigned managed identity<\/a> for your app. Later in this post I\u2019ll be talking about user-assigned identities, but we\u2019re keeping these previews separate for now.<\/p>\n<p>You\u2019ll then need to configure an access policy on your Key Vault which gives your application the GET permission for secrets. Learn how to <a href=\"https:\/\/docs.microsoft.com\/azure\/key-vault\/key-vault-secure-your-key-vault#key-vault-access-policies\" target=\"_blank\" rel=\"noopener\">configure an access policy<\/a>.<\/p>\n<p>Lastly, set the value of any application setting to a reference of the following format:<\/p>\n<p align=\"center\"><em>@Microsoft.KeyVault(SecretUri=<strong>secret_uri_with_version<\/strong>)<\/em><\/p>\n<p>Where <em>secret_uri_with_version<\/em> is the full URI for a secret in Key Vault. For example, this would be something like: https:\/\/myvault.vault.azure.net\/secrets\/mysecret\/ec96f02080254f109c51a1f14cdb1931<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"Sourcing application settings from Key Vault\" height=\"818\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp\" title=\"Sourcing application settings from Key Vault\" width=\"2164\"><\/p>\n<p>That\u2019s it! No changes to your code required!<\/p>\n<p>For this initial preview, you need to explicitly set a secret version, as we don\u2019t yet have built-in rotation handling. This is something we look forward to making available as soon as we can.<\/p>\n<h2>User-assigned managed identities (public preview)<\/h2>\n<p>Our existing support for managed identities is called system-assigned. The idea is that the identity is created by the platform for a specific application and is tied to the lifecycle of the application. If you delete the application, the identity is removed from Azure Active Directory immediately.<\/p>\n<p>Today we\u2019re previewing user-assigned identities, which are created as their own Azure resource and then assigned to a given application. A user-assigned identity can also be assigned to multiple applications, and an application can have multiple user-assigned identities.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"User-assignment managed identities\" height=\"597\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/9128ac22-955d-421b-b5cb-f6406a3a8f21.webp\" title=\"User-assignment managed identities\" width=\"1594\"><\/p>\n<p>To learn about creating and using a user-assigned identity see, \u201c<a href=\"https:\/\/docs.microsoft.com\/azure\/active-directory\/managed-identities-azure-resources\/how-to-manage-ua-identity-portal\" target=\"_blank\" rel=\"noopener\">Create, list, delete or assign a role to a user-assigned managed identity using the Azure portal<\/a>.\u201d Once you have created the identity, you can assign it to your app by updating your app configuration with a pointer to that identity. You can learn more about this in <a href=\"https:\/\/aka.ms\/funcuserassigned\" target=\"_blank\" rel=\"noopener\">our managed identity documentation<\/a>. Please note that this preview is not supported in sovereign clouds.<\/p>\n<p><em><strong>Quick tip:<\/strong> Although you can use an identity for multiple resources, be careful not to over-share identities and leak permissions to resources that don\u2019t need them. Always keep the principle of least privilege in mind, and default to creating separate identities for each component of your application. Only share if truly necessary.<\/em><\/p>\n<h2>Managed identities for App Service on Linux\/Web App for Containers (public preview)<\/h2>\n<p>We\u2019re also pleased to expand our support for managed identities to App Service on Linux\/Web App for Containers. Now, Linux apps can have the same great experience of turnkey service-to-service authentication without having to manage any credentials. This preview includes both system-assigned and user-assigned support. In addition to a token service that makes it easy to request access to resources like Key Vault and Azure Resource Manager, this new support also gives Linux apps access to the Key Vault references feature mentioned before.<\/p>\n<p>To get started with your Linux applications, you can follow the configuration steps in the documentation, \u201c<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/app-service\/app-service-managed-service-identity\" target=\"_blank\" rel=\"noopener\">How to use managed identities for App Service and Azure Functions<\/a>.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"Managed identities for App Service\" height=\"705\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/3a234f9b-19d2-4bcb-b87d-1bff72c8460a.webp\" title=\"Managed identities for App Service\" width=\"1383\"><\/p>\n<h2>ClaimsPrincipal binding data for Azure Functions<\/h2>\n<p>Since the first preview of Azure Functions, you\u2019ve been able to use App Service Authentication\/Authorization to limit access to your function apps. Today we\u2019re making it easier to leverage incoming identities from your function code. This is currently finishing deployment it will be available to all function apps in Azure by the end of the week.<\/p>\n<p>For .NET, this is exposed as a ClaimsPrincipal object, similar to what you\u2019d see in ASP.NET. The object will be automatically injected if you add a ClaimsPrincipal object to your function signature, similar to how ILogger is injected.<\/p>\n<pre>\r\nusing System.Net;\r\nusing Microsoft.AspNetCore.Mvc;\r\nusing System.Security.Claims;\r\n\r\npublic static IActionResult Run(HttpRequest req, ClaimsPrincipal principal, ILogger log)\r\n{\r\n     \/\/ ...\r\n     return new OkResult();\r\n}<\/pre>\n<p>Other languages will be able to access the same through the context object in an upcoming update. Until then, this is a .NET-only preview. To learn more about this capability, see our <a href=\"https:\/\/aka.ms\/funcclaimsprincipal\" target=\"_blank\" rel=\"noopener\">HTTP trigger reference<\/a>.<\/p>\n<p>I really love how this cleans up identity-dependent functions. This feature, in combination with the <a href=\"https:\/\/docs.microsoft.com\/azure\/azure-functions\/functions-bindings-microsoft-graph#token-input\" target=\"_blank\" rel=\"noopener\">token binding<\/a>, removes a nice bit of code that isn\u2019t core to your business logic.<\/p>\n<h2>Support for Access-Control-Allow-Credentials in CORS config<\/h2>\n<p>Last, but not least, we have a quick update to our CORS feature which enables the Access-Control-Allow-Credentials header to be set. This is necessary whenever you need to send cookies or a token as part of calling your API. Without this response header being set, the browser will not pass data along.<\/p>\n<p>You can find out more about the CORS feature and this new setting in the tutorial, \u201c<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/app-service\/app-service-web-tutorial-rest-api\" target=\"_blank\" rel=\"noopener\">Host a RESTful API with CORS in Azure App Service<\/a>.\u201d To enable the header, you\u2019ll just need to update your CORS config to set \u201csupportCredentials\u201d to true.<\/p>\n<p>The Access-Control-Allow-Credentials header can also be enabled in the local Functions host for development purposes, thanks to a fantastic <a href=\"https:\/\/github.com\/Azure\/azure-functions-core-tools\/pull\/877\" target=\"_blank\" rel=\"noopener\">community pull request<\/a>.<\/p>\n<h2>Wrapping up<\/h2>\n<p>As with all of our previews, we\u2019d love for you to try these features out and let us know what you think!<\/p>\n<p>If you have any requests for new features, please create an idea on our UserVoice (either for <a href=\"https:\/\/feedback.azure.com\/forums\/355860-azure-functions\" target=\"_blank\" rel=\"noopener\">Functions<\/a> or <a href=\"https:\/\/feedback.azure.com\/forums\/169385-web-apps\" target=\"_blank\" rel=\"noopener\">App Service<\/a>). For any Functions-specific issues, please <a href=\"https:\/\/github.com\/Azure\/Azure-Functions\/issues\/new\" target=\"_blank\" rel=\"noopener\">file an issue on our GitHub repo<\/a>. You can also reach the team on Twitter <a href=\"https:\/\/twitter.com\/AzureFunctions\" target=\"_blank\" rel=\"noopener\">@AzureFunctions<\/a>.<\/p>\n<p>We\u2019re really looking forward to hearing from you and continuing the conversation. Now go secure those apps!<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1485],"tags":[],"audience":[3055,3053,3056],"content-type":[],"product":[1536],"tech-community":[],"topic":[],"coauthors":[711],"class_list":["post-1944","post","type-post","status-publish","format-standard","hentry","category-internet-of-things","audience-developers","audience-it-decision-makers","audience-it-implementors","product-azure-functions"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Simplifying security for serverless and web apps with Azure Functions and App Service | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Simplifying security for serverless and web apps with Azure Functions and App Service | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-28T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-11T22:35:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp\" \/>\n<meta name=\"author\" content=\"Matthew Henderson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matthew Henderson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\"},\"author\":[{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/matthew-henderson\/\",\"@type\":\"Person\",\"@name\":\"Matthew Henderson\"}],\"headline\":\"Simplifying security for serverless and web apps with Azure Functions and App Service\",\"datePublished\":\"2018-11-28T00:00:00+00:00\",\"dateModified\":\"2023-05-11T22:35:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\"},\"wordCount\":1357,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp\",\"articleSection\":[\"Internet of things\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\",\"name\":\"Simplifying security for serverless and web apps with Azure Functions and App Service | Microsoft Azure Blog\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp\",\"datePublished\":\"2018-11-28T00:00:00+00:00\",\"dateModified\":\"2023-05-11T22:35:46+00:00\",\"description\":\"Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.\",\"breadcrumb\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog home\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Internet of things\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/internet-of-things\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Simplifying security for serverless and web apps with Azure Functions and App Service\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure Blog\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/microsoftazure\",\"https:\/\/x.com\/azure\",\"https:\/\/www.instagram.com\/microsoftdeveloper\/\",\"https:\/\/www.linkedin.com\/company\/16188386\",\"https:\/\/www.youtube.com\/user\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117\",\"name\":\"shakir\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"caption\":\"shakir\"},\"sameAs\":[\"https:\/\/azure.microsoft.com\"],\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Simplifying security for serverless and web apps with Azure Functions and App Service | Microsoft Azure Blog","description":"Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/","og_locale":"en_US","og_type":"article","og_title":"Simplifying security for serverless and web apps with Azure Functions and App Service | Microsoft Azure Blog","og_description":"Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2018-11-28T00:00:00+00:00","article_modified_time":"2023-05-11T22:35:46+00:00","og_image":[{"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp","type":"","width":"","height":""}],"author":"Matthew Henderson","twitter_card":"summary_large_image","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Matthew Henderson","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/matthew-henderson\/","@type":"Person","@name":"Matthew Henderson"}],"headline":"Simplifying security for serverless and web apps with Azure Functions and App Service","datePublished":"2018-11-28T00:00:00+00:00","dateModified":"2023-05-11T22:35:46+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/"},"wordCount":1357,"commentCount":0,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp","articleSection":["Internet of things"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/","name":"Simplifying security for serverless and web apps with Azure Functions and App Service | Microsoft Azure Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp","datePublished":"2018-11-28T00:00:00+00:00","dateModified":"2023-05-11T22:35:46+00:00","description":"Serverless and PaaS are all about unleashing developer productivity by reducing the management burden and allowing you to focus on what matters most, your application logic.","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#primaryimage","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2018\/11\/02f94eab-f728-42b5-a7a1-fae9e2ec0d52.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"Internet of things","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/internet-of-things\/"},{"@type":"ListItem","position":3,"name":"Simplifying security for serverless and web apps with Azure Functions and App Service"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117","name":"shakir","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4","url":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","caption":"shakir"},"sameAs":["https:\/\/azure.microsoft.com"],"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/"}]}},"msxcm_display_generated_audio":false,"msxcm_animated_featured_image":null,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/1944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=1944"}],"version-history":[{"count":0,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/1944\/revisions"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=1944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=1944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=1944"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=1944"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=1944"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=1944"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=1944"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=1944"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=1944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}