I am using azure traffic manager for load balancing of my virtual machines. But it is giving CORS blocked error when calling from ajax.
I have CORS enabled for my machines url.
can any one provide me some solutions.
Sounds like you are calling the traffic manager load balanced endpoint from a page that is on a different domain, is that right? Like your HTML page is on domain.com, and ajax in your page is calling domain.trafficmanager.com - is that why your getting CORS exceptions? If so can you just change the CNAME for your domain.com to point to domain.trafficmanager.com so your whole website is served from the same domain? Of course this implies your application server for both HTML / Javascript, etc. are all being served by the same process (not sure if that's the case here).
Related
I'm migrating a complete infrastructure over to Azure; it's been slow going as there's so much to learn and for every two steps forward, there seems to be one step back.
After what seems like an eternity, I think I've got it all sorted with one exception.
The architecture is as follows:
Azure Traffic Manager ==> 2 Azure Application Gateways (geo separated) ==> Azure App Service
A custom domain is used for the traffic manager and the gateways are listening for the same domain and, when the route matches, passing on the requests down to the app service.
The actual app itself is a ASP.NET MVC application and it uses forms authentication; and this is where the challenge happens.
When navigating to the public address: client.domain.com and hitting the website, it determines that the user is not authenticated and sends the browser to the login page... so far so good but, rather than using client.domain.com/login it uses the web-server dns name, so client.azurewebsites.com/login
How do I go about changing the behaviour so that it uses the external DNS name rather than the website name?
I can't setup custom domains on the app service as the only route into the site is via the gateway as this is also the firewall.
Is there some Web Config setting I can make? I'm looking at the outbound rewrite rules but these seem to only work on tags rather than 302 redirects.
Any thoughts would be most welcome.
You need to setup custom dns names on your webapp (you can use TXT record to verify dns name, so i dont see a reason why you can add it to the webapp). or you can alter the code.
In order to solve this problem, I had to make a code change to the web app itself. Not ideal but it worked.
What I had to do was to extend the code that redirects an unauthenticated request to the login page by sniffing for the X-Original-Host HTTP Header that the App Gateway forwards on. This contains the public facing DNS name. If the header is present and it is on a pre-approved white-list (so as to prevent any hijacking), then redirect the user to the login page for this domain, rather than the one the server is listening on directly (so use client.domain.com rather than client.azurewebsites.com)
I have two web apps setup in Azure, and for simplicity let's call them webapp1 and webapp2. They sit behind an application gateway, which is selecting the correct web app based on the subdirectory in the URL.
Here's a basic example of how I've set it up:
www.mydomain.com -> webapp1 (the default route)
www.mydomain.com/app -> webapp2
This is working fine, except for one problem: if webapp2 redirects to the login page, for example, the domain in the URL changes to the azurewebsites.net domain. Instead of redirecting to www.mydomain.com/login, it's going to webapp2.azurewebsites.net/login.
I'm fairly new to Azure application gateway, but I know it injects the x-forwarded-* and x-original-host headers. I assumed the gateway would either alter the redirected url request to correct the domain or the config on the web app would use the x-original-host instead. Neither of these things are happening.
Is there a way to configure either the web app or the gateway to make sure the host name doesn't change on redirects? Would this scenario work better with a separate web app/VM with a classic IIS reverse proxy setup instead of the application gateway?
Currently Application Gateway would not overwrite the response from the backend. We do inject X-Original-Host and your application should use that to write the redirect URL correctly back to mydomain.
Example to configure URL rewrite on web app can be found here. An example of rewriting default *.azurewebsites.net domain to a custom domain can be found here
We have 200 customer facing web sites all on one server. They are all ASP.NET running in IIS. Is it possible to move some of them to another server WITHOUT changing the customer's URL? Any links explaining how to do this would be helpful.
If your sits are already registered to specific sub domains, you can simply re-point the names to the new server using dns.
If they are simply different sites under the same domain on IIS you can use your current IIS server to reverse proxy the new ones. Some info is given here
Lastly, you could consider using a load balancer such as netscaler, f5 or application request routing. You would again, point the domain name to this using DNS and the load balancer would send the requests to the correct server.
My Cloud App has two roles with public endpoint. One of them is on https and second on http. Both of them should be configured to be available on the same TLD, let's say example.com. However though, there's a catch:
Http endpoint should respond only to http://example.com (let's say for now that calls to http://something.example.com can be redirected to https://something.example.com).
Https endpoint on the other hand should work the opposite way: calls without subdomains should be redirected to http://example.com.
Is there an easy way to to this by configuring some redirects in cscfg or something?
Any specific reason why you have 2 cloud web roles, Cant you have a single web role and both these application hosted on the same web role as different applications exposing 80, 443 out. This way you can control the redirection easily.
I have an application server installed, listening for HTTP traffic on a port which is not blocked from the world by a firewall. I wish to expose the services offered by this application only through HTTPS, preferably as a "sub directory" of the HTTPS site already hosted by the server.
Using IIS7 Url Rewriting (as part of the ARR package), I am able to setup a rule that redirects all traffic to a sub path of my existing HTTPS site. However, I am facing some trouble, when trying to make the same rule route to my server farm setup - all requests matching the rule simply get 404 reponses. Adding the very same rule to a non-SSL site, yields the expected behaviour - the application services are proxied right trough.
What might be wrong in my setup? Is ARR proxying the HTTPS requests as HTTPS traffic to the application server? The application I want to host does not have a HTTPS interfaces so, if yes: can I tell it not to do so?
Yes, I can use IIS7/ARR to route HTTPS requests to HTTP application.
The problem I experienced, was caused by the fact that the web site I wanted to use as the "container" for the proxy directory was buildt with ASP.NET MVC. The URL routing framework within ASP.NET interfered with the IIS url rewriting, and causes the 404 error.