Architect A Basic Web Application In Azure


In this new series I start today, we will look into various Azure application designs. We will start by taking a diagram from the Microsoft official website for a particular type of application and then analyze the various components and also discuss possible changes and enhancements to the application design.

Reference diagram

We will start with the basic web application. Details are available at the Microsoft website below:

Architect A Basic Web Application In Azure

Components of the design

The design for a basic web application as detailed here is quite simple. We create a Azure app service within a specific App service plan which is inside a resource group. We specify a number of deployment slots. Here, we can choose a plan we want depending upon our needs including the space to scale out which can be done either manually or automatically.

Next, we setup a data store which in this diagram is Azure SQL Server. Depending upon our needs we could also use a non-relational database as Cosmos DB or even use a storage account with Tables and Containers. We can access the data store from the app service either using a connection string or a managed identity. I will not provide details on how to do these as these details are available on the web.

The configuration information of the app service can be further protected using Azure Key Vault as shown in the diagram, if needed. We can also use Azure Active Directory for authentication and authorization of our app service using app registrations, and then we can setup a custom name for our application using Azure DNS.

Finally, we can turn on the diagnostic settings of all components to store logs for usage and troubleshooting purposes. For this, we can create a default analytics workspace and store detailed logs here. We can later query these logs for information and also monitor various metrics.

Overall, this diagram looks good. However, I think there might be a couple of additional services that could be added here again depending upon your requirement. Firstly, for additional security, a Front Door or APIM can be added in-front of the app service as a reverse proxy. If this is a Web API application than adding an APIM component would be the best otherwise a Front Door component will work fine to provide security, caching, message translation and logging.

Also, adding Application Insights for detailed instrumentation of the code would be recommended.


In today’s article, we looked at how we could possibly architect a basic web application on the Microsoft Azure cloud platform. We started with the diagram provided on Microsoft’s official site and added a few components I thought would be useful. Please note that these are my suggestions and would vary depending upon the situation, requirement, and of course budget.

Similar Articles