How can I get custom domains to work with Azure Active Directory B2C

Question

How can I get custom domains to work with Azure Active Directory B2C

Lou's World Inc 71

We have been unsuccessful using a custom domain with our AD B2C.

We have-

added a custom domain name and validated it
configured a CallbackPath
configure configured Front Door
validated custom domain login URL
defined custom domain/signin-oidc in app registration

However, we are unable to connect with our Azure AD B2C tenant without the redirect_uri still defined as the Azure URI (**.azurewebsites.net) not our custom domain and we can't figure out why. The result is once some logs in from the custom domain they end up on the Azure domain.

Any help would be greatly appreciated.

1 answer

Your answer

Answer 1

Shweta Mathur 30,296 Microsoft Employee Moderator

Hi @Lou's World Inc

Thanks for reaching out.

It seems to be configuration issue/

Below are the high level steps that you need to perform in order to enable custom domains for Azure AD B2C using Front Door:

1. Add a custom domain name to your Azure AD B2C tenant

2. Create a new Azure Front Door instance

3. Set up your custom domain on Azure Front Door

4. Configure CORS

5. Test your custom domain

6. Configure your identity provider

7. Configure your application

8. Block access to the default domain name

Reference - Refer to configure custom domain in Azure AD B2C: https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow

Please verify that you are doing all the steps to configure custom domain at your end.

Hope this will help.

Thanks,

Shweta

Please "Accept the answer" if above answer helps you.

Lou's World Inc 71 Reputation points

2024-11-27T10:36:11.4233333+00:00

Shweta-

Thank you for the advice. Which of the 8 steps will prevent our website.azurewebsites.net from appear as the callback_uri value when we access the B2C? I ask because that is the issue we are stuck on.
Lou's World Inc 71 Reputation points

2024-11-27T11:08:33.7933333+00:00

Shweta-

Our call from our MVC app to the Tenant(AD B2C) may be why we have the incorrect callback_uri value but we don't know how to alter it.
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2024-11-28T10:00:40.84+00:00
Lou's World Inc

It seems that when attempting to open the web application, the URL displays the default Azure AD B2C tenant domain instead of the configured custom domain.

Have you tried updating the URL to use the custom domain? Does it work as expected in that case?

To resolve this, ensure your application is configured to use URLs with the custom domain as the hostname instead of the default Azure AD B2C domain. This applies to authentication endpoints that utilize Azure AD B2C policies (user flows or custom policies) for user authentication.

Examples of these endpoints using the custom domain format are:

https://<custom-domain>/<tenant-name>/<policy-name>/v2.0/.well-known/openid-configuration

https://<custom-domain>/<tenant-name>/<policy-name>/oauth2/v2.0/authorize

https://<custom-domain>/<tenant-name>/<policy-name>/oauth2/v2.0/token

You need to update hostName as mentioned below to update the URLs

Hope this will help.

Thanks,

Shweta

Please "Accept the answer" if above answer helps you.
Lou's World Inc 71 Reputation points

2024-11-29T05:38:58.0333333+00:00

Thank you for the advice Shweta. Where are you finding the example above "Client application configuration (MSAL.NET)", in the .net core application? The Tenant? Somewhere else?
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2024-12-03T03:56:34.16+00:00

Lou's World Inc This is just the example I shared with you >You can find reference here : https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/social-identities
Lou's World Inc 71 Reputation points

2024-12-03T05:04:06.21+00:00

Thank you for your input. Our issue has been resolved. We needed additional definitions in our Program.cs file.
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2024-12-04T04:25:06.6266667+00:00

Lou's World Inc

I'm glad to hear that you resolved the issue by fixing your application's configuration!

It would be great if you could share the steps you took to resolve the problem, as this could assist other community members facing similar issue.

Additionally, please mark the answer as "Accepted"? This helps others in the community easily identify solutions to similar issues.

Thanks

Shweta
Lou's World Inc 71 Reputation points

2024-12-04T06:06:22.09+00:00

Unfortunately, non of your proposals resolved our issue so I can't "Accept the answer"

Share via

How can I get custom domains to work with Azure Active Directory B2C

1 answer

Your answer