4

I have put my app behind Azure Application Gateway. I can access my app through the Application Gateway using this URL: https://myapps.westus.cloudapp.azure.com/myapp

My app requires Azure AD, so I am prompted to log in (with Azure AD). After I log in, I am redirected to: https://myapp.azurewebsites.net/signin-oidc

But I want my app url to be masked by the gateway name: https://myapps.westus.cloudapp.azure.com/myapp

How do I configure my app to be masked by the URL after I sign in through Azure AD? I am using a path-based rule for my backend pool as /myapp

0

1 Answer

2

Based on my understanding, you want the reply URL for your web app authentication to be myapps.westus.cloudapp.azure.com instead of the *.azurewebsites.net hostname. Since it's impossible to add the Azure-provided DNS name of the app gateway as the hostname for your web app, you can do this with a custom domain. The steps below will correctly redirect the client browser to the custom domain that routes through the Application Gateway after authenticating. These steps ensure the reply URL is the custom domain and you can still monitor requests through the Application Gateway.

Main steps:

  1. Add a custom domain to your web app service.
  2. Configure an SSL certificate for the custom domain.
  3. Set up Azure Active Directory authentication using the Authentication / Authorization feature on the App Service.
  4. Configure the proper reply URLs. If you configured your custom domain before setting up Azure Active Directory authentication, both your *.azurewebsites.net and custom domain URLs should be configured for the reply URLs. If your custom domain is not there, be sure to set up the reply URL as https://<custom domain>/.auth/login/aad/callback.
  5. The default configuration for the backend HTTP setting uses -PickHostNameFromBackendAddress. Instead, you could use the -HostName <enter your custom domain, i.e. www.contoso.com> configuration for the backend HTTP settings.

In the end, browse to your custom domain over HTTPS, log in using Azure Active Directory, and you'll be authenticated to your site over the custom domain. You could refer to this blog: Setting up Application Gateway with an App Service that uses Azure Active Directory Authentication

7
  • You're welcome. You just need a public domain. I think you need to change to use the -HostName test.com for the backend HTTP settings when using AAD authentication. Have you checked the steps 4 and 5 in my reply? Also, you can find details from that blog.
    – Nancy
    May 10, 2019 at 7:27
  • When I add my -HostName test.com to my HTTP setting and I try to access the application gateway, I receive a 502 error. The health probe is healthy so I am not sure.
    – johnny0013
    May 14, 2019 at 5:50
  • Do you have a custom probe (host test.com) matching the HTTP settings host?
    – Nancy
    May 16, 2019 at 2:07
  • Yes, I did add my custom host to my app service. But then don't I need to point that host to my application gateway after?
    – johnny0013
    May 16, 2019 at 6:31
  • 1
    Yes, that works. The problem was that I was using the WAF v2 tier, and this does not allow uploading .cer certificates and causes problems with changing the HTTP setting hostname.
    – johnny0013
    May 17, 2019 at 22:10
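
Step 5 of the answer and the matching custom probe from the comments, written out with the Az PowerShell module as an added example (not code from the answer or the linked blog). The resource group, gateway, setting and probe names are placeholders, the probe path and timings are assumed values, and the Location header at the end is constructed sample data used to check which host the sign-in redirect returns to.

```powershell
# Added example: every resource name below is a placeholder, not a value from the thread.
$rg        = 'my-rg'
$gwName    = 'my-appgw'
$setting   = 'myapp-http-setting'
$probeName = 'myapp-probe'
$domain    = 'www.contoso.com'   # custom domain already bound to the App Service (steps 1-2)

$gw = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName

# Custom probe whose Host header matches the host name used by the HTTP setting.
Add-AzApplicationGatewayProbeConfig -ApplicationGateway $gw -Name $probeName `
    -Protocol Https -HostName $domain -Path '/' `
    -Interval 30 -Timeout 30 -UnhealthyThreshold 3 | Out-Null
$probe = Get-AzApplicationGatewayProbeConfig -ApplicationGateway $gw -Name $probeName

# Step 5: send an explicit -HostName instead of -PickHostNameFromBackendAddress.
# Required values are copied from the existing setting; re-pass any other
# options (for example backend certificates) that the setting already uses.
$old = Get-AzApplicationGatewayBackendHttpSetting -ApplicationGateway $gw -Name $setting
Set-AzApplicationGatewayBackendHttpSetting -ApplicationGateway $gw -Name $setting `
    -Port $old.Port -Protocol $old.Protocol `
    -CookieBasedAffinity $old.CookieBasedAffinity `
    -RequestTimeout $old.RequestTimeout `
    -HostName $domain -Probe $probe | Out-Null

# Push the modified configuration to Azure.
Set-AzApplicationGateway -ApplicationGateway $gw | Out-Null

# Returns $true when the redirect_uri inside a sign-in redirect points at the expected host.
function Test-ReplyUrlHost {
    param([string]$Location, [string]$ExpectedHost)
    Add-Type -AssemblyName System.Web
    $query = [System.Web.HttpUtility]::ParseQueryString(([uri]$Location).Query)
    $reply = [uri]$query['redirect_uri']
    return $reply.Host -eq $ExpectedHost
}

# Constructed sample of the Location header sent to the browser before Azure AD sign-in.
$sample = 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize' +
          '?client_id=CLIENT_ID&response_type=code' +
          '&redirect_uri=https%3A%2F%2Fwww.contoso.com%2F.auth%2Flogin%2Faad%2Fcallback'
Test-ReplyUrlHost -Location $sample -ExpectedHost $domain
```

If the check returns False for the redirect your own site produces, the backend is still seeing the *.azurewebsites.net host, so the reply URL will bypass the gateway after sign-in.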
