Custom domain URL with Azure App Function - azure

I have an app function in Azure that is behind a front door. The front door uses a custom domain which has a CNAME record setup with our DNS provider.
The app uses MS Authentication when you access it.
What happens is that when I access the URL of the front door (https://website.domain.com), it directs you to the log in page as expected, I log in and then get directed to the app. All good, but rather than displaying and being from the original URL, it pushes me to an azurewebsites.net URL. We are going to be doing API calls via front door and need the replies to be from the custom domain URL.
As a test, I set up another front door in the same with an app function without authentication and this behaves as expected (app function continues to use the custom domain from the front door).
I have tried to set a custom domain on the app - no dice.
I have tried changing the header in the back end of front door - this makes the access to the app stop completely.
I have tried adding post_login_redirect_url to the app configuration and pointing it to the custom domain URL - no dice.
There must be a way for this to work? Has anyone managed to successfully manage this? Thanks.

Related

Azure b2c custom policy login redirect through Azure front door is defaulting 404 to a domain I am unsure of how to manage. How do I redirect the 404

I have a domain that is protected through Azure b2c. The way I set it up is that a domain linked through Azure front-door is the login domain.
login.contoso.com
The app domain is
my.contoso.com
What is happening is that when I go to login.contoso.com (without any routing or path redirect uri's) directly it will default to a 404 error and land on this page
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
To note, the correct path works. i.e. login.contoso.com/<token>azureb2c...
The issue is how do I handle the 404 error?
I'd like to default direct that to my main domain site i.e. contoso.com or someotherpage.
The odd part for me is that because the domain, sub-domain, is login.contoso.com I don't think there is actually a page from Azure emitting that. I think, correctly, that is just my domain's way of handling 404's or wrong page.
I already handle the redirect if the person goes to my.contoso.com and isn't logged in they go directly to login.contoso.com. However, I don't think I'm handling the 404 errors correctly because anything outside of that emits the previously described error screen.
So I think the question is, how can I direct a subdomain's 404 to a url of my choosing of a domain that is setup through Azure front-door?
Is that just in the same permissions of my webconfig for the main app service domain ie., contoso.com? Or, is it the webconfig of the app service specifically for the subdomain my.contoso.com?
• You can surely configure the redirection for your different subdomains from a particular subdomain URL while logging in or any other kind of activity like session auto-logout after token expiration by configuring the correct routing rules for redirection in the Azure front door classic version.
Kindly check the snapshot below as demonstrated according to your requirement: -
Thus, according to the above snapshots, you can configure the redirection for the ‘login.contoso.com’ URL to the desired domain URL of your choice, i.e., ‘contoso.com’ or ‘someotherpage.com’ in Azure AD B2C too.
• Also, in the above snapshot, I have selected ‘Temporary Redirect (307)’ for HTTPS protocol as according to the below documentation link, the target resource is temporarily under a different URI. The user agent MUST NOT change the request method if it does an automatic redirection to that URI. Since the redirection can change over time, the client ought to continue using the original effective request URI for future requests.
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-url-redirect?pivots=front-door-standard-premium#redirection-types
As you want the redirection to happen for the ‘login.contoso.com’ URL when you redirect to that page, it will surely happen when you configure it accordingly as above since this redirection is temporary according to the situations stated above.

Azure Frontdoor: Requests go to individual backends, why?

I have set up an Azure Frontdoor Load Balancer with 2 backends, hosting an Angular app. When looking at the network traffic in the browser's developer tools, I see that only the first few requests for *.html and *.js files go to the loadbalancer. Beginning with the GET options request, all subsequent requests seem to go directly to the backend #2 (in red in the picture below):
This means, if the backend #2 goes down, the client gets 404 errors, and won't be automatically redirected to backend #1, unless the user reloads the browser window with F5.
I'm not sure how the Angular app gets the actual backend host's URL. I cannot see any header or cookie which would provide this information. The headers of the first request for login.html look like this - no sign of the backend URL anywhere:
My questions are
how does the client get the backend host's URL?
is there a way to define that ALL requests go through the loadbalancer?
Would that even be a good idea? Or is this the "intended behaviour", meaning that the user WILL see 404 errors and have to reload the page manually?
It is the application that is doing it, not the Azure Front Door. The app must be constructing the URL based on where it is hosted and then making a request. The front door will set the host header same as the app service's hostname. In that case, the application would see its request to come as if the user typed that in the browser. You would typically want to use custom hostname e.g. neonapp-dev.yourcompanyname.com. When you do that both app services and the front door would have the custom host configured. While configuring the front door, you would use this as a host header rather than the default which is app services host name. Then everything would work fine as the app would never see the app services name as host header.
More details https://learn.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool#backend-host-header
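The effect described in the answer above, as an added example that is not part of the original post: an app that copies the incoming Host header into its links emits the App Service name when Front Door keeps the default backend host header, and the custom domain once the backend host header is changed. The hostname `neonapp-dev.azurewebsites.net`, the path, and the function names are assumptions made for illustration; the allow-list check is an extra safeguard, not something the answer prescribes.

```javascript
'use strict';

// Constructed sample values: the custom domain from the answer and a
// hypothetical default App Service hostname for the same app.
const CUSTOM_HOST = 'neonapp-dev.yourcompanyname.com';
const BACKEND_HOST = 'neonapp-dev.azurewebsites.net';

// Hosts the app agrees to generate links for. Only the custom domain is
// listed, so a request arriving under any other name cannot leak into URLs.
const ALLOWED_HOSTS = new Set([CUSTOM_HOST]);

// What an app effectively does when it builds URLs from "where it is hosted":
// it copies the Host header of the incoming request into the link.
function naiveUrl(headers, path) {
  return `https://${headers.host}${path}`;
}

// Hardened variant: normalise the Host header, require it to be on the
// allow-list, and require the path to stay on that origin.
// Returns null when the request should be rejected (for example with HTTP 400).
function safeUrl(headers, path) {
  const host = String(headers.host || '').trim().toLowerCase().replace(/:443$/, '');
  if (!ALLOWED_HOSTS.has(host)) return null;
  const url = new URL(path, `https://${host}`);
  // "//other.example/x" or an absolute URL would silently switch origin.
  if (url.origin !== `https://${host}`) return null;
  return url.href;
}

// Request as the app sees it when Front Door keeps the default backend host
// header (the App Service hostname).
const viaDefaultHostHeader = { host: BACKEND_HOST };
// Request as the app sees it once the backend host header is set to the
// custom domain, which is also bound on the App Service.
const viaCustomHostHeader = { host: CUSTOM_HOST };

function demo() {
  return {
    leaked: naiveUrl(viaDefaultHostHeader, '/api/orders'),
    rejected: safeUrl(viaDefaultHostHeader, '/api/orders'),
    fixed: safeUrl(viaCustomHostHeader, '/api/orders'),
    offOrigin: safeUrl(viaCustomHostHeader, '//other.example/x'),
  };
}

console.log(demo());
```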

Azure App Service returns 404 for GET / request

We have an app service which is an ASP.NET app in Azure. We have defined 200 OK response for / route. When we try to hit / endpoint from browser or Postman we get desired results.
But in Azure App Insights we notice GET / request every 5 min that is failing.
DNS Configuration
From the picture provided, you can see that default Azure route (qualitykitchen.azurewebsites.net) is still there as we haven't figured out a way to delete it.
404 Errors screenshot from Azure
It is important to note that the request that generates 404 is the default route for (qualitykitchen.azurewebsites.net) instead of the custom route that we setup via custom DNS which is (api-staging.qualitykitchen.co).
Because we have ‘Always On’ enabled we’re pretty sure the requests are simply Azure pinging the service to keep it alive. Unfortunately it seems like it’s confused on which route to call.
Are we correct in assuming that the requests are coming from Azure? How can we direct Azure to make a call to our custom route?
Yes, that's correct, that's the AlwaysOn agent (check User-Agent in your telemetry).
Unfortunately it seems like it’s confused on which route to call.
It's not, AlwaysOn agent always calls http://{sitename}.azurewebsites.net/, disregarding custom domains. It always calls / and you can't specify a custom URL.
Simply handle that domain as well and respond 200 OK back. You can not remove the default .azurewebsites.net binding.

Domain extension required localhost (127.0.0.1)

I am trying to verify domain ( http://localhost/ ) for Single sign on Azure Portal for skype for business online.
I am getting below error :
Kindly help me to identify what I am doing wrong. If nothing is wrong then, what's the domain extension for localhost (.com for google.com, .net and etc).
Edit :
I am trying to provide App URL ID for an application registered in Azure AD. To do this, first of all, I have to verify domain by adding it for single sign on. During adding I am getting error message as above.
You can't add the localhost domain to Azure AD. It has to be an actual domain name purchased from a domain registrar.
One reason is that localhost has a different meaning for every person, it means their computer.
What are you trying to achieve?
EDIT: Your app ID URI identifies your app. It does not need to be a URL that points to your app but has to be a verified domain. For the App ID URI you can put a value such as https://mycompany.onmicrosoft.com/MyAppName. This is a typical scheme I use. Just replace "mycompany" with your Azure AD directory name. mycompany.onmicrosoft.com is a default domain you get with the directory, so you can use that. Also replace "MyAppName" with your app's name.
The App ID URI just needs to be in a domain that is in the AAD, which that one is by default. It does not need to be the URL for your app, it is just an identifier.

Google API using Oauth for internal company use only

I've created a web application using Node.js that relies on a google API (specifically the DCM/DFA reporting API). It redirects the user to login to their gmail account, and after a successful login redirects back to the web application.
Suddenly my company has told me that this web application needs to be restricted to internal use only, and that they won't host it on a public domain for security reasons.
Is there any way to get Oauth to redirect to the internal domain? When I try to set the redirect domain in the google developers console I get an error message that it is not valid. Is there any way around this?
The sample redirect url you can add at Console and Code is:
http://localhost:8080/authcallback
(Remember to not add trailing / in url)
