As far as I know it is - unfortunately - not possible to restrict an Azure website to available to Azure-internal services only, since Websitess do not support virtual networks - currently. Is this still correct?
If yes... I'm thinking of creating an Azure worker role instead to host my services. Is it possible to make the service only available to the websites from my subscription?
Thank you in advance best laurin
Laurin - you are correct - while Websites can utilise Hybrid Connections to connect back to services on-premises they aren't actually able to connect (and be restricted to) internal Azure services.
If you use a Web Role you will need to setup a Virtual Network with an appropriate private IP address range and then ensure you add your Web Role to this Virtual Network. This is done by editing the service configuration of your Cloud Service deployment in Visual Studio and making it similar to the below:
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration ...>
<Role name="WebRole1">
...
</Role>
<NetworkConfiguration>
<Dns>
<DnsServers>
<DnsServer name="YourDns" IPAddress="10.4.3.1" />
</DnsServers>
</Dns>
<VirtualNetworkSite name="YourVirtualNetwork" />
<AddressAssignments>
<InstanceAddress roleName="WebRole1">
<Subnets>
<Subnet name="FrontEndSubnet" />
</Subnets>
</InstanceAddress>
</AddressAssignments>
</NetworkConfiguration>
</ServiceConfiguration>