Preserve URL fragment in App Service with built-in Authentication

Peter Jakubis 5 Reputation points
2025-01-30T08:26:49.8833333+00:00

Hello,

I have setup App Service with built-in Authentication using Microsoft as identity provider following the guides in https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-authentication-app-service?tabs=workforce-configuration.

Authentication itself is working as expected.

I need to preserve URI fragment after the login flow is finished. I have added WEBSITE_AUTH_PRESERVE_URL_FRAGMENT=true into application settings as documented in https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-customize-sign-in-out#preserve-url-fragments, but the URI fragment is still stripped.

Do I need to configure something else?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,321 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Bhargavi Naragani 655 Reputation points Microsoft Vendor
    2025-02-04T08:01:52.73+00:00

    Hi @Peter Jakubis,
    Thank you for confirming and for trying out the suggestions. You have checked several times and restarted the app without success, and since it's a new App Service probably V2, let's look at other probable causes.

    1. Since URI fragments are never sent to the server, your client-side code must explicitly preserve the fragment during the login flow.
      Add this JavaScript to your app:
    // Save the fragment before redirecting to login
     
    if (window.location.hash && !isAuthenticated()) { 
    // Replace with your auth check
      sessionStorage.setItem('preLoginHash', window.location.hash);
      window.location.href = '/login'; // Trigger EasyAuth redirect
    }
     
    // After login, restore the fragment
    if (sessionStorage.getItem('preLoginHash')) {
      window.location.hash = sessionStorage.getItem('preLoginHash');
      sessionStorage.removeItem('preLoginHash');
    }
    
    1. Ensure your Azure AD (or other identity provider) allows the redirect URI with fragments. While fragments aren’t sent to the server, the client-side logic must still handle them.
    2. Use browser devtools to check network requests and ensure no server-side redirects strip the fragment.
    3. Test in an incognito window to rule out caching issues.

    Key Points:

    1. App Service authentication (EasyAuth) sometimes needs the application to handle the fragment correctly. The fragment (after the #) is never sent to the server because it's client-side. So, after authentication, the server can't know what the fragment was unless the client stores it and appends it back. The Azure documentation mentions that enabling this setting helps, but maybe the client-side code isn't handling it.
    2. Might need to modify client-side code to capture the fragment before redirecting to the login page. For example, using JavaScript to store the fragment in sessionStorage or localStorage before redirecting, then retrieving it after coming back from the login flow. Let me outline that process: when the user tries to access a page with a fragment, the client should detect they're not authenticated, save the fragment, redirect to login, and after login, check if there's a saved fragment and append it.
    3. possibility is there; the authentication flow isn't returning to the correct URL with the fragment. The redirect URI after login might be missing the fragment. Since the server can't handle fragments directly, the client needs to manage this. The user should ensure that their post-login redirect URL includes logic to reattach any stored fragment.
    4. App Service needs to be restarted after adding the setting. Sometimes configuration changes require a restart to take effect. check if app got restarted after setting the environment variable.
    5. There might be a conflict with other redirect URLs or settings in the authentication configuration. The allowed external redirect URLs should include the domain and any parameters necessary, but since fragments aren't sent to the server, this might not be the issue. Still, it's worth checking if any other settings are overriding the fragment preservation.

    Hope the above provided information help in better understanding and help you resolve the issue, if you have any further concerns or queries, please feel free to reach out to us.
    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.