This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 10%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi everyone!
I've got a static web app which is tied with an Azure Front Door. I'm trying to set up authorization via Front Door and got some problem here.
After authentication I stuck on this url https://identity.2.azurestaticapps.net/.auth/login/done with error code 401: Unauthorized. Without Front Door authorization works fine.
My hunch was that there is some kind of problem with redirect uri.
In my app registration I've added redirect uri to my Azure Front Door URL:
I haven't idea where there is could be a problem, so I will be glad for any help.
Hello @Ametkhan ,
We noticed your feedback that the below answer was not helpful.
Thank you for taking time to share your feedback.
Kindly let us know what we could have done better to improve the answer and make your engagement experience good.
We are here to help you and strive to make your experience better and greatly value your feedback.
Looking forward to your reply. Much appreciate your feedback!
Regards,
Gita
Hello @Ametkhan ,
Just checking in to see if you had a chance to see the answer provided by me below. To help the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer.
And, if you have any further questions do let us know.
Regards,
Gita
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 39%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
I'm encountering the same issue. I've followed the instructions on the guide https://learn.microsoft.com/en-us/azure/static-web-apps/front-door-manual and set all the configuration accordingly, but I get a 401 error every time at https://identity.2.azurestaticapps.net/.auth/login/done. If I remove the "networking" and "forwardingGateway" options from staticwebapp.config.json then I can connect via the default hostname with no errors at all, but obviously that creates issues with the frontend hostname.
Specifically, removing those sections causes aad auth to send the request as "https://identity.2.azurestaticapps.net/.redirect/aad?hostName=<defaultHostName>" instead of "https://identity.2.azurestaticapps.net/.redirect/aad?hostName=<frontdoorHostName>", and so the user finds themself redirected to the default domain instead of the frontdoor one after logging in.
Joseph Boyd, have you disabled caching for your secured routes and authenticated paths?
The following blog article describes your scenario in detail:
https://azure.github.io/AppService/2021/03/26/Secure-resilient-site-with-custom-domain.html
Hello @Ametkhan ,
I understand that you have a static web app which is tied with an Azure Front Door and when accessing the login page, after authentication you are getting stuck on this URL "https://identity.2.azurestaticapps.net/.auth/login/done" with Unauthorized error code 401.
Looking at your statement "Without Front Door authorization works fine", I believe you have manually configured Azure Front Door for your static web app.
We have a doc which shows how to manually configure Azure Front Door for Azure Static Web Apps as below:
https://learn.microsoft.com/en-us/azure/static-web-apps/front-door-manual
And it recommends disabling Front Door's caching policies from trying to cache authentication and authorization-related pages.
After you disable cache for auth workflow, you need to update your Static web app configuration file to:
We also have a documentation with the Static web apps configuration information as below:
https://learn.microsoft.com/en-us/azure/static-web-apps/configuration
And it also mentions that if you set up manual integration with Azure Front Door, you may want to disable caching for your secured routes and disable cache for authenticated paths.
To disable Azure Front Door caching for secured routes, add "Cache-Control": "no-store" to the route header definition.
Request you to check your Azure Front Door and Static web app configuration and make sure all the above configurations are done at your end correctly.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.