App service custom domain SSL binding with Frotdoor

Question

We have a multi-tenant application that utilizes a single app service with multiple (one for each customer) backend databases.

This currently works by adding custom domains on the app service to direct requests to the correct database. We want the application to respond only to secure requests, so we need to bind the custom domains to SSL. Because we want the added security of Frontdoor, we also need to point the DNS there, and this is the start of the challenges we have with deployment.

To get a custom domain to correctly bind to a SSL certificate, we are currently having to setup a cname in DNS for the specific customer. Once the custom domain is added to the app service and bound to SSL (and verified by the app service), we can then change the cname in DNS to point at Frontdoor and complete the setup by adding a Frontdoor frontend and linking it to the correct backend pool.

We need custom domains on app services to ensure requests end up in the right place but its a pain having to separately verify each individual subdomain - ideally we would like to somehow verify them against a wildcard instead of individual DNS entries.

Answer 1

@Jo Scothern Thank you for your question regarding Azure App Services and Front Door.

At this time, this is a product limitation and there is not a way to reduce the work required to achieve the setup you described.

With that being said, we are always open to receive feedback so we can improve the products align with your needs. We invite you to share your feedback to Azure Feedback, which is a site that the product group reviews and looks for ideas on what to tackle next.

Please let us know if you have any further questions or concerns regarding this matter.