What is your product version? 11.4.0 What is your product type (Angular or MVC)? Angular 14 What is product framework type (.net framework or .net core)? .NET6
Hi support,
I would like to ask for some security recommendations on how to best expose front-end (Angular) and back-end web API on production environment. We know that due to it's an SPA application, both the front-end and back-end need to be accessible from the client side, but is it a good practice to deploy both in a DMZ zone? Is it secure? Please advise.
Thank you in advance!
Loizos
3 Answer(s)
-
0
Hi @Loizos
If your app is an intranet app, then you can host it in a DMZ but if not, using HTTPS should be enouhg.
-
0
Hi @ismcagdas
No it's not an intranet app, will be fully exposed on internet. So, from security perspective is it enough to deploy both front & back ends behind a secure (HTTPS) port?
Thanks, Loizos
-
0
Hi,
Yes. If you want, you can also deploy Angular app behind an empty ASP.NET Core app (see https://learn.microsoft.com/en-us/azure/architecture/patterns/backends-for-frontends) but I suggest this approach if your app requires a high security.
