This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 7.000000000000001%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
I have configured App Gateway and the backend of my App Gateway has two apps, one Front End Web App and another Function App.
The function app is talking to a Databricks instance from another tenant and getting data.
I have an API app that is sitting between my Front End and Function App.
After doing custom domain name binding for both my FE and Function App and making the custom domain name same as the App GW Https listeners, i get rerouted to the Front End web app when i try to browse to the Front End App via App Gateway.
But i get to see this error in the browser after i hit F12.
In the API web app i have CORS enabled and the URL mentioned is that of the custom domain of the FE web app.
Any idea why this error is coming still
Request URL: https://contoso-qa-8234.azurewebsites.net/datahub/negotiate
Request Method: OPTIONS
Status Code: 403
Remote Address: 20.X.X.X:443
Referrer Policy: strict-origin-when-cross-origin
The remote address IP is that of the IP that i see for the Front End Web App when i go to Custom Domain in App Services
Hi, @Anonymous
You're getting a 403 in Preflight.
What authentication features does your web application or API implement?
I have three apps (Front End, API and Function App) all in one App Service Plan. All the three apps have corresponding App Registrations. So the Front End is using OAUTH to get the token from AAD and present it to the API. I have changed the call back URL in the Front End App registration now to match with my custom domain FE Web App and the format of the callback URL now is : https://fe-qa.contoso.com/.auth/login/aad/callback. Initially this callback URL was the URL of the FE App Service and i was getting 404 denied because of that while using App Gateway. After changing this callback URL and making it similar to the App GW Listener Hostname and custom domain name, i can get the FE Dashboard page now
Also in CORS for the API app, i have "Request Credentials" checked and i have two URLs added, one is for the actual FE *.azurewebsites.net URL and the other is my custom domain URL which is : https://fe-qa.contoso.com:443
I have raised a ticket with you guys. What the support technician found out is when i go to "Diagnose and Solve Problems" and search with "Regional VNET Integration" i see the picture attached in the screenshot for all my three web apps (FE, API and Function).
My App Service Plan is a Linux one
I have disabled and renabled VNET Integration for the FE app, still no go
I have another project where i am using Windows App Service Plan. I did the same thing in that project and i can see Private IP allocated to the VMs when i go to the App Services
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
pallab, Apologies for the long delay in a response here.
I understand it's a late response, If the issue still persists, could you please share the #SR ticket number, for a quick and immediate assistance, I'll follow-up further. Thanks for your patience!
Hello Ajkuma, the issue is resolved and things are ok now. Thanks for checking back
@Anonymous , Glad to know that the issue is resolved. Thanks for the update.
To benefit the community members, if you could share the solution here or #SR number, I'll summarize and post an answer.
This will help others easily find this answer, facing a similar issue.
Much appreciate your collaboration.
Thank you and have a great week!
@Anonymous , just following-up, to benefit the community find the right answer, it would be helpful if you could share the solution that worked for you.
Thanks for your cooperation!