Forum Discussion

jcloudtech's avatar
jcloudtech
Copper Contributor
Aug 07, 2024

Azure Web App Easy Auth using Reverse Proxy

My organization manages one single endpoint which must be used to expose web application;

 

e.g.

https://contoso.com/app_one/

 

We deployed an app in az web apps with Azure AD Easy Auth. (not accesible from the internet and no custom domain).

https://app-one.azurewebsites.net

 

Our app registration has this callback:

https://contoso.com/app_one/https://uat.p.api.ey.com/eyvirtual/services/api/webhook/wc/v1/login/aad/callback,https://ussxnxt1676913262azf03-webhook.azurewebsites.net/.auth/login/aad/callback

 

When i try to open any the app using https://contoso.com/app_one/, the browser recirects to Azure Login page, but it redirects back to https://app-one.azurewebsites.net instead of going to the public website https://contoso.com/app_one/

 

Our reverse proxy user Azure APIM.

 

Question is: how can i make Azure Web App to redirect to public endpoint instead of the azurewebsite endpoint?

 

Thanks.

 

1 Reply

Sort By
  • Kidd_Ip's avatar
    Kidd_Ip
    MVP
    Jan 03, 2025

    Try this:

     

    1. Update the Redirect URI: Ensure that the redirect URI in your Azure AD app registration matches the public endpoint. This means updating the redirect URI to https://contoso.com/app-one/.auth/login/aad/callback.
    2. Configure Azure AD Authentication: In the Azure portal, navigate to your Azure Web App and go to the Authentication/Authorization settings. Ensure that the redirect URI is set to your public endpoint.
    3. Modify the Reverse Proxy Configuration: Since you're using Azure API Management (APIM) as a reverse proxy, you need to ensure that APIM is correctly forwarding the requests and responses. You might need to rewrite the location headers in the responses to ensure they point to the public endpoint. This can be done using policies in APIM.
    4. Custom Domain and SSL: Make sure your custom domain (contoso.com) is properly configured in Azure Web App and that you have an SSL certificate set up for secure communication.
    5. Host Header: Ensure that the host header is preserved when the request is forwarded from APIM to the Azure Web App. This can be done by setting the preserveHostHeader attribute to true in your APIM policy.

Resources