azure-web-app-service azure-front-door

Lock down AppService with FrontDoor and AzureAD Authentication


I would like your feedback on the following:

  • For my AppServices I set Authorization with AzureAD. I get the authentication page and redirection to my AppService is fine.
  • Then I set up an Azure Front Door which redirects to my AppServices as backend.
  • In the browser, when I go to https://myfrontdoortest.azurefd.net, I get the AzureAD authentication page and redirection to my AppService is a success (in the browser address bar it reads https://myappservicestest.azurewebsites.net).

Now I want to secure my AppServices with FrontDoor as explained by MS here: https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq. At this stage I only apply IP restrictions (not yet the X-FrontDoor-ID).

I'm still struggling to fix it.

  • Is it something I should change in the reply URL to manage IP restrictions?
  • Is it something I should change in the FrontDoor configuration?

Your help is very welcome


Solution

  • Because the front door does not have a fixed IP, it is not feasible to set the IP settings in the webapp.

    So it is recommended that you still use the official recommendation to add rewrite rules in the xml file.

    The article you are looking for is very useful. It is recommended to read it carefully. If you have any questions, you can also raise a support ticket; MS will give you a good answer.

    I also found this issue; you can refer to it.

    How do I lock down the access to my backend to only specified instance(s) of Azure Front Door? #36141
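
A sketch of the kind of rewrite rule the answer refers to, added here as an example and not taken from the original post or from Microsoft's documentation. It assumes a Windows App Service (IIS with the URL Rewrite module), that Front Door sends its instance ID in the `X-Azure-FDID` request header, and uses an all-zero GUID as a placeholder for your own Front Door ID.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config at the site root of the App Service (assumed Windows/IIS hosting) -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Reject any request that did not arrive through the expected
             Front Door instance. IIS exposes the X-Azure-FDID request
             header to URL Rewrite as the server variable HTTP_X_AZURE_FDID. -->
        <rule name="RequireFrontDoorId" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <!-- PLACEHOLDER: replace the all-zero GUID with the Front Door ID
                 of your own profile. negate="true" makes the rule fire when
                 the header is missing or carries a different ID. -->
            <add input="{HTTP_X_AZURE_FDID}"
                 pattern="^00000000-0000-0000-0000-000000000000$"
                 negate="true" />
          </conditions>
          <!-- Answer 403 instead of forwarding to the application. -->
          <action type="CustomResponse"
                  statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Request did not come through the expected Front Door instance." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The header value can be set by any client that reaches the app directly, so this rule is meant to sit on top of the network-level restriction to Front Door traffic, not to replace it.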