Can you have an app service with easy auth and a redirect in web.config?

Frank 0 Reputation points
2023-06-29T06:42:03.8966667+00:00

Hi,

We have a standard software application for a big company which is exposed to the end users by an identity provider and also exposed to backoffice users by username/password on intranet.

We want this backoffice page also authenticated by this identity provider, but the callback/redirect should still be to this username/password backoffice, as you should be able to log on with different accounts.

The idea now was to have an app service between the app gateway and the webserver where we could do an easy OpenID Connect authentication and create a rewrite rule in the web.config to the webserver.

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAny">
            <add input="{HTTP_HOST}" pattern="^xxxxxxxx\.azurewebsites\.net$" />
          </conditions>
          <action type="Redirect" url="http://www.xxxxxx.be/{R:0}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

However, when we configure it this way, we're immediately redirected to the webserver (it's a test url in the snippet) without being redirected to the identity provider first.

We don't have an option to do some development on the application nor the WebLogic server of the application itself :s

Would someone have an idea on how to solve this? How can we have this username/password login page behind an identity provider first?

Thanks in advance!

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. brtrach-MSFT 17,741 Reputation points Microsoft Employee Moderator
    2023-07-02T21:23:38.8833333+00:00

    @Frank To solve this issue, you can configure Easy Auth to use OpenID Connect authentication with your identity provider. This will allow users to authenticate with the identity provider before being redirected to the backoffice page.

    Here are the steps to configure Easy Auth with OpenID Connect authentication:

    1. In the Azure portal, go to your App Service and click on "Authentication / Authorization" under "Settings".
    2. Turn on "App Service Authentication" and select "Log in with Azure Active Directory" as the authentication provider.
    3. Under "Azure Active Directory", select "Express" mode and enter the required information for your identity provider.
    4. Click "OK" to save the changes.

    Once you have configured Easy Auth with OpenID Connect authentication, you can remove the rewrite rule from the web.config file. Users will now be redirected to the identity provider before being redirected to the backoffice page.
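
The web.config rule from the question can be audited for the property that decides whether the App Service can gate the backoffice at all: a `Redirect` action hands the browser to the target host, so that host has to be reachable by the client directly. This is an added example, not part of the original thread; `audit_rewrite_rules` and the finding labels are hypothetical names, and the embedded config is the question's snippet with its redacted hosts.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The rule from the question, hosts redacted as on the page.
QUESTION_WEB_CONFIG = r"""<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAny">
            <add input="{HTTP_HOST}" pattern="^xxxxxxxx\.azurewebsites\.net$" />
          </conditions>
          <action type="Redirect" url="http://www.xxxxxx.be/{R:0}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>"""


def audit_rewrite_rules(web_config_xml):
    """Return one finding per rule whose action targets another host."""
    findings = []
    root = ET.fromstring(web_config_xml)
    for rule in root.iterfind("./system.webServer/rewrite/rules/rule"):
        action = rule.find("action")
        if action is None:
            continue
        target = urlsplit(action.get("url", ""))
        if not target.netloc:
            continue  # relative target: the request stays on this site
        issues = []
        if action.get("type", "").lower() == "redirect":
            # A Redirect answers with a 3xx, after which the browser talks to
            # the target host itself, with this site no longer in the path.
            issues.append("client-redirect-to-external-host")
        if target.scheme == "http":
            issues.append("cleartext-target")
        findings.append({"rule": rule.get("name"), "host": target.netloc,
                         "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_rewrite_rules(QUESTION_WEB_CONFIG):
        print(finding)
```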

