Azure Functions Custom Domain and Easy Auth

Maxim 20 Reputation points
2024-03-29T13:13:08.67+00:00

Hi Guys,

I am trying to use my custom domain www.mycustomdomainname.eu with Azure Functions.

I have registered a CNAME record and a TXT record with the domain name provider.

The Function App is configured with multiple authentication providers (Easy Auth) and it works well without using the custom domain name.

When I try to use the custom domain name, it only works if I disable Authentication in the Function App; otherwise in Postman I am getting the exception:

You do not have permission to view this directory or page.

or in Browser I am getting:

The page cannot be displayed because an internal server error has occurred.

Could someone please advise me what I am missing and how to make Authentication work together with the custom domain?

Thanks in advance.


Accepted answer
  1. Sina Salam 10,811 Reputation points
    2024-03-30T09:01:12.3666667+00:00

    Hello Maxim,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you are facing issues while attempting to integrate your custom domain (www.mycustomdomainname.eu) with Azure Functions, particularly when authentication (Easy Auth) is enabled within the Function App. While the Function App operates successfully without the custom domain and authentication enabled, errors occur when attempting to access the Function App through the custom domain with authentication enabled.

    To resolve this issue without wasting any time, you will need to focus your troubleshooting on Custom domain configuration and authentication.

    I would have loved to ask for detailed error logs to be examined to identify the root cause of the internal server error, and any specific error codes or messages that provide insights into what might be causing the issue.

    However, try the following to address the issues faced by the user with integrating a custom domain with Azure Functions while maintaining authentication (Easy Auth).

    1. Double-check the CNAME and TXT records registered with the domain provider to ensure they accurately point to the Azure Function App. DNS changes might take some time to propagate. Ensure that the changes made to the DNS records have propagated across the internet. Also, in the Azure portal, navigate to the Function App settings and ensure that the custom domain is correctly configured under the "Custom domains" section.
    2. When enabling authentication (Easy Auth) for the Function App, ensure that the custom domain is listed as a valid redirect URI in the authentication settings. This is crucial for redirecting users back to the correct domain after authentication.
      1. Also, in the Azure portal, navigate to your Function App.
      2. Go to the "Authentication / Authorization" section under the "Settings" menu. Ensure that "App Service Authentication" is enabled.
      3. Under "Authentication Providers," select "Azure Active Directory."
      4. Add your custom domain (e.g., www.mycustomdomainname.eu) as a valid redirect URI.
    3. If the Function App exposes APIs accessed from a web application hosted on a different domain, ensure that CORS policies are properly configured. Update CORS settings to include the custom domain as an allowed origin.
    4. Check the authentication settings to ensure they align with the requirements for custom domain integration. Review any additional settings related to authentication, such as token lifetimes and identity providers, to ensure they are configured correctly. This is an example of how to configure authentication using Azure CLI:
         # Enable App Service Authentication for your Function App
         az webapp auth update --name <function-app-name> --resource-group <resource-group-name> --enabled true
         # Configure Azure Active Directory authentication provider
         az webapp auth update --name <function-app-name> --resource-group <resource-group-name> \
           --aad-allowed-token-audiences https://<function-app-name>.azurewebsites.net/.auth/login/aad/callback \
           --aad-client-id <client-id> \
           --aad-client-secret <client-secret> \
           --aad-token-issuer-url https://sts.windows.net/<tenant-id>/
         # Add custom domain as a valid redirect URI
         az webapp auth update --name <function-app-name> --resource-group <resource-group-name> \
           --aad-allowed-token-audiences https://<custom-domain>/.auth/login/aad/callback
         
      
      Replace <function-app-name>, <resource-group-name>, <client-id>, <client-secret>, <tenant-id>, and <custom-domain> with your actual values.

    I hope this is helpful! Do not hesitate to let me know if you have any other questions. If the error persists, ensure you post detailed error logs for more insight.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam


1 additional answer

  1. Maxim 20 Reputation points
    2024-03-30T14:39:30.6133333+00:00

    Thank you @Sina Salam for the detailed description of steps to check.

    While looking through this information I realized that I made quite a silly mistake, so I will mention it, in case someone else makes a similar mistake :)

    I forgot to check my 3rd party authentication providers (Facebook, Google etc) and specify the new (custom domain) redirect URI within each of them. After I did that it all worked.

    URI should look like this - https://{custom_domain}/.auth/login/{provider}/callback

    Thanks again for assisting me on this.
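
The check described in the reply above, as an added example that is not part of the original thread: for every hostname bound to the app and every enabled provider it builds `https://{host}/.auth/login/{provider}/callback` and reports the ones missing from that provider's registered redirect URIs. The `myfuncapp` hostname and the registered list are constructed sample data, and exact string matching of redirect URIs is an assumption.

```bash
#!/usr/bin/env bash
# Added example: find Easy Auth callback URIs that are not yet registered
# with each identity provider. All sample data below is constructed.

# Build the callback URI for a hostname and a provider path segment.
# $1 = hostname, $2 = provider (aad, facebook, google, ...)
callback_uri() {
  local host
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  printf 'https://%s/.auth/login/%s/callback\n' "$host" "$2"
}

# Print each expected "provider uri" pair that is absent from the registry.
# $1 = space-separated hostnames bound to the app
# $2 = space-separated enabled providers
# $3 = newline-separated "provider uri" pairs registered at the providers
missing_callbacks() {
  local host provider uri
  for provider in $2; do
    for host in $1; do
      uri=$(callback_uri "$host" "$provider")
      # Assumption: redirect URIs are compared as exact strings, so a
      # trailing slash or a different host counts as "not registered".
      if ! printf '%s\n' "$3" | grep -Fxq -- "$provider $uri"; then
        printf '%s %s\n' "$provider" "$uri"
      fi
    done
  done
}

# Constructed sample: default hostname plus the custom domain from the question.
HOSTS="myfuncapp.azurewebsites.net www.mycustomdomainname.eu"
PROVIDERS="aad facebook google"
# Constructed registry: facebook lacks the custom domain entry and the
# google custom-domain entry carries a stray trailing slash.
REGISTERED="aad https://myfuncapp.azurewebsites.net/.auth/login/aad/callback
aad https://www.mycustomdomainname.eu/.auth/login/aad/callback
facebook https://myfuncapp.azurewebsites.net/.auth/login/facebook/callback
google https://myfuncapp.azurewebsites.net/.auth/login/google/callback
google https://www.mycustomdomainname.eu/.auth/login/google/callback/"

missing_callbacks "$HOSTS" "$PROVIDERS" "$REGISTERED"
```
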

