I'm creating several websites in azure and attempting to assign custom domain names to each. The website URLs will be of the form app1.cloud.example.com. Is there any way to bypass the validation for each domain name and just verify i own cloud.example.com?
The reason I want to do this is that eventually there may be hundreds of these websites, and so I would like to automate this, and it'll make my job a little easier if I can perform the validation once rather than having to code the creation of the validation CNAME record.
Thanks in advance!
Try validating *.cloud.example.com.
Related
I would like your feedback and opinion about using { FrontDoor + Appservices + Authentication + restrict access to FD only }
I do confirm I can set up all of this thanks to all contribution/ forums / blog found on the net. I can use my custom domain which request AD authentication and I am correctly redirect to my appservices (in browser: I see my custom domain name and never see any *.azurefdnet or *azurewebsites.net as expected).
The only problem is that I needed to use a custom domain to make it works. For production purpose it is acceptable to have a custom domain but for dev or test I wonder if we can do it without custom domain by simply keeping original address like *.azurefd.net and *.azurewebsites.net
I struggle to make it works without custom domain. I keep getting “too many redirection” message or ‘403 sites blocked’.
Does anyone success to do it ? My general configuration looks like
My backend is linked with my appservices
Details of my backend is:
I think my problem is with BackendHostHeader but not sure. When i used custom domain for my production it works. But remind i do not want to use custom domain for dev and test.
My route looks like
And finally my appservices is secure to allow frontdoor only
When my user goes to stackoverflo.azurefd.net they get AD authentication which is good but just after i get redirection to xxx.azurewebsites.net with 403 forbidden (which looks normal because of restriction to FD only).
I tried to change the backend host header by replacing by FD value but in this case i get a error with loop redirection.
Is it a feasible scenario without custom domain ?
Regards
PS: i configured Azure ADApp to allow reply url to my FD like stackoverflo.azurefd.net/.auth/login/aad/callback
Yes, you can Restrict the access to website without using Custom Domain.
Goto the Application you want to restrict the access in Azure Portal and select the Networking from left Pane, now click on Access Restrictions.
For complete information you can go through this Microsoft Documentation.
How can we automatically add the redirect URI in the Quickbooks auth using some API?
Edit:- In my case, my website has functionality of creating sub-domain on the basis of some random keywords. Suppose if my website is facebook.com and someone creates his own company inside it
Company name Website
1. tata tata.facebook.com
2. tesla tesla.facebook.com
So I want to add the website url name to the redirect URI as soon as company is created. I don't want to add it like manually.
How can we automatically add the redirect URI in the Quickbooks auth using some API?
You can't.
In my case, my website has functionality of creating sub-domain on the basis of some random keywords.
You won't be able to do this.
A better way to handle this is to have a single domain dedicated to the OAuth handshake for new connections, and always use that domain. You can use the state parameter of OAuth to track who is connecting so you know the correct subdomain to bounce them back to after OAuth redirect.
Intuit (and most other cloud providers) do not allow wildcards or dynamic domains because there are some significant security risks to doing so:
https://www.rfc-editor.org/rfc/rfc6819#section-5.2.3.5
http://technotes.iangreenleaf.com/posts/closing-another-nasty-security-hole-in-oauth.html
https://security.stackexchange.com/questions/180505/why-is-a-wildcard-subdomain-callback-url-in-oauth-considered-unsafe
I am trying to verify my domain on firebase.com.
Here I have two txt records. My domain provider supports only one entry.
I found on one help site from google the entry that my provider "strato.de" does not support the verification from firebase and that I can try an alternative domain verfication. Then I was linked to stackoverflow.
What is the alternative way to verify my domain on firebase.com?
Thanks in advance.
I have contacted the support of firebase.com.
After a few days I received an email with an alternative way to verify the domain.
I did not try out the alternative way, becuase I found another solution for my problem.
Has anyone found a way to use the Azure AD sign in page without the domain name?
For example, oscar instead of oscar#tenant.onmicrosoft.com.
I already am aware of using the "login_hint" parameter; however, I'd like to the user to not see the "#tenant.onmicrosoft.com" at all. I think it would lead to confusion.
Also, I want to avoid creating a custom page & having access to the username/password by using the UserCredential type and AcquireToken method. See this for reasons.
The domain name (#tenant.onmicrosoft.com) is going to be a deal breaker for my employer. They don't want to see it and I can understand why.
There is absolutely no way to avoid using of #domain with the login at Azure AD.
However, you are not forced to use #tenant.onmicrsoft.com - you can freely configure your own domain and have users login with #mycompany.com. You have to make your employer think in 21st century, not in middle ages of early Internet access.
I have registered a domain (though there is no hosting yet, just name registration) and I am trying to set up google apps so that I can have email, but I cannot figure it out. Is there something I am missing? I feel like it should be easier than it is right now.
You need to correctly set the MX records at your registrar.
Have you proved domain ownership including a CNAME record in your DNS server? Just follow the instructions.
If you don't have access to your DNS server for adding records, and don't have a webserver where you can put a verification file I think you wont be able do setup e-mail.
If you already have the domain, you just need to follow the registration process, you will be taken through all the steps. If you got to the Admin Console you should have a message bar Top of the page with Verify Domain.
the best way to do it is to try the new Learning Center, http://learn.googleapps.com/.