Most organisations with significant .NET investment have a mix of old .NET Framework applications (3.5, 4.x) and newer .NET Core or .NET 5 applications. The migration strategy for the legacy applications ranges from lift-and-shift to full rewrite.

Rehost vs re-platform vs refactor

The migration strategy spectrum: Rehost (lift-and-shift, move the application to a VM in the cloud with no code changes), Re-platform (move to PaaS with minor changes, Azure App Service instead of IIS on a VM, Azure SQL instead of SQL Server on a VM), Refactor (modernise the application architecture, split into services, adopt cloud-native patterns). The cost and risk increase from left to right; so do the long-term operational benefits.

The re-platforming path for .NET Framework

Azure App Service supports .NET Framework applications without code changes for many scenarios. Moving from on-premises IIS to Azure App Service (Windows plan) is low-risk for most .NET Framework 4.x applications. Azure SQL provides a compatible target for SQL Server databases with automatic backups, high availability, and no VM management. The combination can dramatically reduce operational burden with minimal code changes.

The Windows Authentication challenge

Enterprise .NET Framework applications frequently use Windows Authentication (Kerberos / NTLM) for user authentication. Azure App Service supports Azure AD authentication, not Windows Authentication against an on-premises AD. The migration path: replace Windows Authentication with Azure AD OIDC (App Service Authentication / EasyAuth). For applications tightly integrated with on-premises Active Directory groups and security principals, the migration requires careful identity mapping.

Strangler Fig for legacy refactoring

The Strangler Fig pattern (from Martin Fowler) allows incremental modernisation of a legacy application without a big-bang rewrite. New functionality is built in .NET Core; an Azure API Management layer routes requests to the new or old implementation based on the path. Over time, functionality moves from the legacy application to the new one until the legacy application can be decommissioned. The pattern reduces risk by making the migration incremental and reversible.