Hide WVD url using Azure services. FrontDoor? AppGW? - azure

we are doing POC for one client of Windows Virtual Desktop service(2020 spring version)
and client requested to hide url that is being used by default: https://rdweb.wvd.microsoft.com/arm/webclient/index.html, there is no customization of this in WVD service., client want to see like: https://customdomainmain.com/arm/webclient/index.html
So trying to do this with FrontDoor or AppGW (ready to hear other solutions as well)
In both cases I get: 'Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:' searching info for this: suggests to register app in AAD, not sure how but what I tried nothing works.

You can benefit of Azure Functions, which allows you to execute your code in a serverless compute platform and setting your own Custom URL using the corporate domain name. the same idea as myapps.3tallah.com or mail.3tallah.com, for sure it would be up to you to set your preferred subdomain name.
Please refer to this blogpost Configure Custom URL redirection for Windows Virtual Desktop – WVD

Related

ERR_CONNECTION_RESET Azure CDN Custom Domain HTTPS

Hope someone can assist me in correcting this. I am on the last step to enable my CDN endpoint with a custom domain. currently the static website on storage works correctly the following ways.
1 - Storage Account endpoint
2 - Azure CDN xxxxxx.azureedge.net
CNAME is created and correctly configured and validated in azure for my cdn.customdomain.com but when I try to connect to it I get a ERR_CONNECTION_RESET when using a browser or 404 using curl. Any advice anyone can provide.
You could verify the followings:
Configuration. Make sure you select the Custom origin as the origin type and static website URI as the origin hostname.
Networking related. ISP blocks some websites. Firewall blocks specific websites. Internet connection is disabled or interrupted. Refer to this.
Browser error like Chrome. Clear your browser's cache and all locally stored data including cookies or try to use another browser. Refer to this.
Moreover, you could verify this via accessing the cdn.customdomain.com in an Azure VM, which is a different environment from the on-premise network.

Azure Application Gateway, Azure App Service and Form Based Authentication

I'm migrating a complete infrastructure over to Azure; it's been slow going as there's so much to learn and for every two steps forward, there seems to be one step back.
After what seems like an eternity, I think I've got it all sorted with one exception.
The architecture is as follows:
Azure Traffic Manager ==> 2 Azure Application Gateways (geo separated) ==> Azure App Service
A custom domain is used for the traffic manager and the gateways are listening for the same domain and, when the route matches, passing on the requests down to the app service.
The actual app itself is a ASP.NET MVC application and it uses forms authentication; and this is where the challenge happens.
When navigating to the public address: client.domain.com and hitting the website, it determines that the user is not authenticated and sends the browser to the login page... so far so good but, rather than using client.domain.com/login it uses the web-server dns name, so client.azurewebsites.com/login
How do I go about changing the behaviour so that it uses the external DNS name rather than the website name?
I can't setup custom domains on the app service as the only route into the site is via the gateway as this is also the firewall.
Is there some Web Config setting I can make? I'm looking at the outbound rewrite rules but these seem to only work on tags rather than 302 redirects.
Any thoughts would be most welcome.
You need to setup custom dns names on your webapp (you can use TXT record to verify dns name, so i dont see a reason why you can add it to the webapp). or you can alter the code.
In order to solve this problem, I had to make a code change to the web app itself. Not ideal but it worked.
What I had to do was to extend the code that redirects an unauthenticated request to the login page by sniffing for the X-Original-Host HTTP Header that the App Gateway forwards on. This contains the public facing DNS name. If the header is present and it is on a pre-approved white-list (so as to prevent any hijacking), then redirect the user to the login page for this domain, rather than the one the server is listening on directly (so use client.domain.com rather than client.azurewebsites.com)

Error 404 when accessing website by traffic manager URL

Hi, I am trying to configure a basic traffic manager on my azure account. But I always got 404 not found when I using the traffic manager URL.
I have two app service for the TM endpoints:
1. xxxus.azurewebsites.net
2. xxxeu.azurewebsites.net
TM Url is:
xxxtm.trafficmanage.net
I was able to use www.whatsmydns.net to check what the tm is heading to.
But when I use the TM url, I got this:
Did anyone has the same issue? Looking forward to your help
Thank you
I ran into the exact same thing and just found the solution - the app service plan needs to be at least a standard SKU. I was using a free tier, and that was causing my 404.
From Microsoft's Traffic Manager documentation:
Only Web Apps at the 'Standard' SKU or above are eligible for use with Traffic Manager. Attempts to add a Web App of a lower SKU fail. Downgrading the SKU of an existing Web App results in Traffic Manager no longer sending traffic to that Web App.
Currently, you could not add web apps from different subscriptions to the same traffic manager configuration since It is not possible to use Web Apps from multiple subscriptions with the same domain name. Refer to this. You can check this on your side. If so, you can remove one website from your endpoint, then add the website to the same subscriptions.
Moreover, the 404 error always happen due to the domain name could not be resolved by its IP address. It may be one of the following reasons:
The custom domain configured is missing an A record and/or a CNAME record.
The browser client has cached the old IP address of your domain. Clear the cache and test DNS resolution again. On a Windows machine, you clear the cache with ipconfig /flushdns.
You can follow the quickstart to create a Traffic Manager profile, then follow this to verify your traffic manager settings.
I encountered similar issue. My problem is one of my app service is a free tier, so I scaled it up to standard one. And delete my traffic manager and reinstalled and add the service endpoint again, the issue gone.
It's strange. Nslookup will take you to the right web app but the browser will show 404. Changing the app service plan to 'Standard' SKU fixed it for me.

Azure WAF infront of Web App changes HostName... Still having problem

I have setup an Azure WAF, via the Azure Portal, to point to an App Service which has a custom domain. The App Service has 2 domain names:
mysite.azurewebsites.com
subdomain.mysite.com
When I select "Pick Hostname from backend address" for the Probe and the Backend HTTP Settings, the Custom domain is picked up. I am also using SSL and this is working. However weirdly when I get past my login page on the app, the Application Gatewoy/WAF seems to resort to using the mysite.azurewebsites.net url. I tried following the recommendation in the following link, but it does not work for me.
Azure WAF infront of Web App changes HostName
Ie I deselected "Pick Hostname from backend address" and put "subdomain.mysite.com" as the hostname. This works for the probe, but when I specifiy this for the hostname in HTTP Settings, I get "Update Failed" without any explanation.
Any thoughts please?
Thanks.
EDIT: If I change the CNAME to bypass the WAF and go direct to the App Service, it works fine.
EDIT2: This may be relevant. The URL gets rewritten post authentication. There are a few links on the login page and these have the correct custom domain in them. However once the user logs in, the app links gets rewritten to use *.azurewebsites.net as the suffix.
EDIT3: Another thought... Is the "Probe" path wrong? I am currently using "/"
From MS docs....
Path / or another path
The remainder of the full url for the custom probe. A valid path starts with
'/'. For the default path of http://contoso.com just use '/'
Just spoke with MS. You need to use the "FQDN" in the backendpool and not the "AppService" option.

GCP app deploy in preview URL

I started using Google Cloud Platform and been testing some things on it. After deploying the web services (node.js), the GCP provides a URL which actually redirects to a preview URL. Ex- project.appspot.com to project.appspot-preview.com. Due to this, our client side throws 307 status code but not if I use the preview URL directly.
All I want to know is, is it safe to use the preview URL straight away or is there anyway to disable the forwarding?
Need help, thanks in advance.
This is the current behavior of the latest GAE flex environment. From Domain update:
Traffic is now served from the appspot-preview.com domain instead of
the appspot.com domain. All traffic from the App Engine flexible
environment will be automatically redirected to the new domain. All
App Engine Standard traffic will continue to be through appspot.com.
When the App Engine flexible environment is generally available (GA),
users will be able to use the appspot.com or appspot-preview.com
domains for routing traffic.
For users who want to use the latest App Engine Flexible release with
a custom domain, please fill out this form to contact us.

Resources