Azure Web App authentication redirect not working with Custom Domain
Hi,
I am working on a cloud migration from on-prem hosting to Azure of a legacy corporate app.
We are using ASP.NET MVC with .NET Framework 4.8 with Razor pages.
It used to utilize Windows authorization on the on-prem server.
We switched that to Azure authentication with the Microsoft.Owin.Security package and we managed to get it working as a Web App Service.
However, problems arise when we want to use our custom domain instead of the default Azure-assigned domain.
What we have done:
- Adding a Startup.cs
    using Owin;

    namespace TimeTrackerAdminTool
    {
        public partial class Startup
        {
            // OWIN entry point; the authentication setup lives in the other half of this partial class.
            public void Configuration(IAppBuilder app)
            {
                ConfigureAuth(app);
            }
        }
    }
- Adding Startup.Auth.cs to "App_Start" folder.
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using System;
    using System.Configuration;
    using System.Security.Claims;
    using Microsoft.Owin.Extensions;

    namespace TimeTrackerAdminTool
    {
        public partial class Startup
        {
            // All values are read once from appSettings when the class is first used.
            private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            private static string aadInstance = EnsureTrailingSlash(ConfigurationManager.AppSettings["ida:AADInstance"]);
            private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
            private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
            // A single static value: it is sent as redirect_uri in every sign-in request.
            private static string redirectUri = ConfigurationManager.AppSettings["ida:redirectUri"];
            private static string authority = aadInstance + tenantId + "/v2.0";

            public void ConfigureAuth(IAppBuilder app)
            {
                // The session cookie is the default sign-in type; OpenID Connect handles the challenge.
                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
                app.UseCookieAuthentication(new CookieAuthenticationOptions());
                app.UseOpenIdConnectAuthentication(
                    new OpenIdConnectAuthenticationOptions
                    {
                        ClientId = clientId,
                        Authority = authority,
                        PostLogoutRedirectUri = postLogoutRedirectUri,
                        RedirectUri = redirectUri,
                        Notifications = new OpenIdConnectAuthenticationNotifications()
                        {
                            // Copy preferred_username into the Name claim after the token is validated.
                            SecurityTokenValidated = (context) =>
                            {
                                string name = context.AuthenticationTicket.Identity.FindFirst("preferred_username").Value;
                                context.AuthenticationTicket.Identity.AddClaim(new Claim(ClaimTypes.Name, name, string.Empty));
                                return System.Threading.Tasks.Task.FromResult(0);
                            }
                        }
                    });
                // probably not needed
                app.UseStageMarker(PipelineStage.Authenticate);
            }

            // Returns the value with exactly one trailing "/" appended if it is missing; null becomes "/".
            private static string EnsureTrailingSlash(string value)
            {
                if (value == null)
                {
                    value = string.Empty;
                }
                if (!value.EndsWith("/", StringComparison.Ordinal))
                {
                    return value + "/";
                }
                return value;
            }
        }
    }
- Set up redirect URLs in the Azure App Registration for the Azure-assigned URL and for the custom domain
- Of course we removed the logic for the on-prem authentication.
When calling the Azure-assigned domain, it directly redirects to the SSO login page and, after login, successfully redirects to the Web App and works like a charm.
When calling the custom domain, it redirects to the SSO login page and, after successfully logging in, the redirect fails with a surprising DNS error "DNS_PROBE_FINISHED_NXDOMAIN".
We tried a "hello world" ASP.NET MVC 4.8 app without any login just to check the custom URL and that works as well.
We followed this article https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain?tabs=subdomain%2Cazurecli#enable-the-cname-record-mapping-in-azure to set up the domain.
Any help is much appreciated.
Thanks
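
An added example, not part of the original post: a small check of which `redirect_uri` the app actually sends to the identity provider, since after sign-in the browser is sent back to that value and not necessarily to the host the user started on. The function name is hypothetical, and the hostnames, tenant ID and client ID are constructed placeholders; the captured URL stands in for the sign-in request URL copied from the browser's network tab.

```python
from urllib.parse import urlsplit, parse_qs


def check_redirect_uri(authorize_url, browsed_host, registered_uris):
    """Return findings for one captured OIDC authorization request URL."""
    params = parse_qs(urlsplit(authorize_url).query)
    values = params.get("redirect_uri", [])
    if len(values) != 1:
        return ["expected exactly one redirect_uri, found %d" % len(values)]
    redirect_uri = values[0]
    target = urlsplit(redirect_uri)
    findings = []
    if target.scheme != "https":
        findings.append("redirect_uri is not https: " + redirect_uri)
    # After sign-in the browser is sent to this host, whatever host it started on.
    if (target.hostname or "") != browsed_host.lower():
        findings.append("sign-in started on %s but returns to %s"
                        % (browsed_host, target.hostname))
    # Assumption: the identity provider compares redirect URIs as exact strings.
    if redirect_uri not in registered_uris:
        findings.append("redirect_uri is not in the registered list: " + redirect_uri)
    return findings


# Constructed sample data (placeholders, not values from the post).
REGISTERED = [
    "https://example-app.azurewebsites.net/",
    "https://timetracker.example.com/",
]
CAPTURED = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
    "/oauth2/v2.0/authorize?client_id=11111111-1111-1111-1111-111111111111"
    "&redirect_uri=https%3A%2F%2Fexample-app.azurewebsites.net%2F"
    "&response_type=code+id_token&scope=openid+profile"
)

if __name__ == "__main__":
    for finding in check_redirect_uri(CAPTURED, "timetracker.example.com", REGISTERED):
        print(finding)
```

If the host reported here is not the one typed into the browser, the next thing to look at is the `ida:redirectUri` app setting of the deployed app and whether that hostname resolves in DNS.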