Azure Container Apps Add Built-In Authentication Support in Preview

Microsoft has released built-in authentication support for its Azure Container Apps, a new fully managed serverless container service. The feature enables developers to secure external ingress-enabled container apps without writing code.

The Redmond giant launched Azure Container Apps at its Ignite conference in November 2021. It is a serverless hosting solution that builds on Azure Kubernetes Service (AKS). Azure Container Apps allow developers to deploy multiple containers without dealing with complex infrastructure.

Microsoft understands that it takes a considerable amount of time and effort to build secure authentication and authorization solutions. It requires developers to follow certain cybersecurity standards and practices as well as ensure that their implementation remains updated.

With this release, Azure Container Apps introduced some new features that provide access to various built-in authentication providers. Essentially, these features don’t require a specific SDK, language/security expertise as well as code. This should make it easier for developers to focus on the functional implementation of their applications.

“The authentication and authorization middleware component is a feature of the platform that runs as a sidecar container on each replica in your application. When enabled, every incoming HTTP request passes through the security layer before being handled by your application,” the company explained.

Azure Container Apps support Azure AD, GitHub, and more

Microsoft highlights that Azure Container Apps currently support various identity providers and the list includes Azure Active Directory, GitHub, Twitter, Google as well as Facebook. Moreover, it’s also possible to integrate any third-party identity provider that supports OpenID Connect.

The built-in authentication for Azure Container Apps is currently available in preview for all customers worldwide. Microsoft has also detailed some considerations for using this new built-in authentication mechanism. These include using HTTPS, disabling the “allowInsecure” attribute, restricting app access to authenticated users, and more. If you’re interested, you can find more details on this support page.