Search code examples
flutterazureazure-front-doorazure-static-web-app

Password protected Azure Static Web app with Front door DNS

I've got Azure Static Web app which is served by custom DNS with Azure front door, running a flutter app and everything works as expected, only allow in users to access with Front door Id in a header. We want to restrict access to dev/staging sites with password configurable in portal (https://learn.microsoft.com/en-us/azure/static-web-apps/password-protection) but there are a few issues

  1. When accessing site via custom DNS I'm being redirected to Web app default address with /.auth/basicAuth/login and returning 403 straight away
  2. When accessing custom DNS site with above path included, I can enter password, get redirected to a callback address but ultimately end up on same 403 site.

I've tried different routes setting in appsetting but to no avail. Have someone encountered this and would know what else needs to be set up?

Solution

  • We have found an answer to this:

    Basically, all that needs to happen in config file of Static Web App, allowed hosts must be specified for your DNS settings

            "requiredHeaders": {
            "X-Azure-FDID": "xyz"
        },
        "allowedForwardedHosts": [
          "xyz.xy.com",
          "www.xyz.xy.com"
        ]
    }

    More on the subject: https://learn.microsoft.com/en-us/azure/static-web-apps/front-door-manual#update-static-web-app-configuration