Azure App Service Configuration for Multiple Domains

Shivaji Shitole 100 Reputation points
2024-06-06T04:55:00.79+00:00

Hello Team,

We have a project architecture where a web application is deployed as an Azure app service. Requests to this app service come from a domain, like Contoso1.com. Currently, our infrastructure is configured as follows:

  1. DNS Configuration:
    • The domain name (Contoso1.com) is mapped to the Application Gateway’s public IP address.
  2. Application Gateway Configuration:
    • The Application Gateway listener is set up to listen for requests from Contoso1.com.
    • The listener listens on port 443.
    • The listener type is Multisite, and the host type is Single.
    • The host name is configured as Contoso1.com.
    • The backend pool of the Application Gateway points to the Azure app service.
    • A rule is created to redirect requests to the app service.
  3. App Service Configuration (Contoso.azurewebsites.net):
    • Easy Auth is enabled using the Microsoft identity provider.
    • Network restriction is applied on the app service, and it can be accessed through the app gateway only.
    • The Azure app service is configured with a custom domain mapped to Contoso1.com.
    • The custom domain is added to ensure that when users are authenticated using Easy Auth, they are correctly returned to the app service. Please refer to this question for the reason for adding the custom domain.

The current flow works as expected: when users access the domain URL (Contoso1.com), the request is listened to by the Application Gateway and then reaches the app service.

Now, we have received a new requirement: any requests coming from Contoso2.com should also reach the same app service (Contoso.azurewebsites.net). To achieve this, we plan to make the following changes to our existing infrastructure:

  1. DNS Configuration:
    • Map the additional domain name (Contoso2.com) along with existing (Contoso1.com) to the Application Gateway’s public IP address.
  2. Application Gateway Configuration:
    • Modify the listener to listen for requests from both Contoso1.com and Contoso2.com.
    • Set the listener type as Multisite.
    • Set the host type as Multiple/Wildcard.
    • Add both host names (Contoso1.com and Contoso2.com) under the host names section.
  3. App Service Configuration (Contoso.azurewebsites.net):
    • Modify the app service and add one more custom domain to map Contoso2.com along with Contoso1.com

Now, we are seeking guidance on the following:

  • Are these modifications correct?
  • With this, will requests from Contoso1.com and Contoso2.com reach Contoso.azurewebsites.net?
  • Are any more modifications required, or is anything missing?

Your early response is highly appreciated.

Thanks in advance.

Regards,

Shivaji 


Accepted answer
  1. KapilAnanth-MSFT 41,491 Reputation points Microsoft Employee
    2024-06-06T10:26:07.9866667+00:00

    @Shivaji Shitole ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    From your verbatim,

    • Your App service is : "contoso.azurewebsites.net"
    • You are using App gateway as reverse proxy to access this.
    • You have a custom domain "contoso1.com" that is pointing to the App gw.
    • You are using Easy Auth
      • And the callback URL is using "contoso1.com"
      • And also, you have added the custom domain "contoso1.com" to the app service as well.

    Your requirement,

    • You would like to use the same app service "contoso.azurewebsites.net" for another domain "contoso2.com" via App gateway.

    Analysis :

    Is there any specific reason you are doing this instead of redirecting users to the original site?

    • i.e., Give a 3XX response to "contoso2.com"
    • and Redirect users to "contoso1.com"

    The challenges I am seeing with your set up are

    #1

    You are using App Service Entra authentication.

    • I believe the call back URL is configured with "contoso1.com"
    • So when users are accessing the "contoso2.com", and during authentication, there is a possibility that they get redirected to "contoso1.com" from Entra

    #2

    Instead,

    • I would suggest you consider redirecting users to the original site "contoso1.com".
    • And redirect users from "contoso2.com" to "contoso1.com"

    Without Authentication, your action plan should work.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil
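
The callback mismatch raised in challenge #1 can be checked before the second domain goes live. This is an added example, not part of the original answer or any Microsoft code: it assumes Easy Auth builds its callback as `https://<host>/.auth/login/aad/callback` from the host the request arrived on, and the listener hosts, custom domains and registered redirect URIs are constructed sample values.

```python
from urllib.parse import urlsplit

# App Service Authentication (Easy Auth) callback path for the Microsoft provider.
EASY_AUTH_CALLBACK_PATH = "/.auth/login/aad/callback"


def expected_callback(host: str) -> str:
    """Callback URL assumed to be sent to Entra when the request arrived on `host`."""
    return f"https://{host.strip().lower()}{EASY_AUTH_CALLBACK_PATH}"


def normalize(uri: str) -> str:
    """Lower-case scheme and host, drop any port, keep the path as registered."""
    parts = urlsplit(uri.strip())
    return f"{parts.scheme.lower()}://{(parts.hostname or '').lower()}{parts.path}"


def audit_hosts(listener_hosts, app_service_domains, registered_redirect_uris):
    """Return {host: [problems]} for every host name on the gateway listener."""
    domains = {d.strip().lower() for d in app_service_domains}
    registered = {normalize(u) for u in registered_redirect_uris}
    report = {}
    for host in listener_hosts:
        h = host.strip().lower()
        problems = []
        if "*" in h or "?" in h:
            # A wildcard listener accepts hosts that cannot be enumerated here.
            problems.append("wildcard listener host: list each concrete host name")
        else:
            if h not in domains:
                problems.append("not bound as a custom domain on the app service")
            if expected_callback(h) not in registered:
                problems.append("callback URL missing from the app registration")
        report[h] = problems
    return report


# Constructed sample values mirroring the planned setup in the question.
LISTENER_HOSTS = ["Contoso1.com", "Contoso2.com"]
APP_SERVICE_DOMAINS = ["contoso1.com", "contoso2.com"]
REGISTERED = ["https://contoso1.com/.auth/login/aad/callback"]

if __name__ == "__main__":
    report = audit_hosts(LISTENER_HOSTS, APP_SERVICE_DOMAINS, REGISTERED)
    for host, problems in report.items():
        print(host, "OK" if not problems else "; ".join(problems))
```

With the sample values, only the second domain is flagged, because its callback URL is not among the registered redirect URIs.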

