I'm pretty new to Azure, and I wanted to get familiar with using Azure AD auth as an authentication provider for a dotnet core web app.
I followed this tutorial: https://docs.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-linux
It worked as described, but I have to be missing something, because the way it's deployed doesn't make any sense to me.
The "starting point" tutorial code is this repo, here: https://github.com/Azure-Samples/dotnet-core-api
It's a simple dotnet core web app that hosts an Angular frontend. Through the course of the tutorial, you make some changes to get the "frontend" to talk to the "backend", and you add two remotes to your Git repo - frontend and backend - but they're on the same repo.
As I understand it, at the end of this tutorial, I have two nearly-identical Azure App Service instances running in my Azure resource group. They are both running the same code. Both include the full-stack application - both are hosting a Kestrel or HTTP.sys (or whatever) instance on port 443 at their respective .azurewebsites.net URL - both show my index.html page - but one is supposed to be the "frontend" and the other is supposed to be the "backend". The only thing different about the "frontend" and "backend" is that the "backend" has an identity provider configured, and the "frontend" has API permissions granted to it from the "frontend".
Is it really necessary to have the whole service running in both places? Is there a way to host the actual dotnet core API service as an App Service, host the HTML / JS / CSS separately as an Azure Static Page (or something similar), and still configure the identity provider? Or does it have to be like this? It seems like overkill, from a technical standpoint, as well as from a billing standpoint.