Azure Web App supports deployment slots. Production slot is the main one and there can be a couple of others. In order to follow a principle of least privilegesdifferent slots should have different security principals for deployment.
A service principal with deployment permissions for only a dedicated slot is useful in order to limit access to production deployment.
Sometimes we need to restrict access to some URL-path of a Web application from Internet while allow to access the whole web site. This kind of restriction might be relevant for example for a administrative user interface or a special API that should not be accessed from Internet.
How to integrate a classic (MVC 5 and before) ASP.NET MVC application and a new type ASP.NET MVC (6?) OWin with an Azure Access Control Service (ACS). Users are authenticated outside of an application by third party authentication providers such as Facebook, Google, Yahoo etc. This process is called federated authentication.