How to Setup Azure Front door for ASP.NET MVC Webapp hosted in Azure App Service with Azure AD Authentication

Azure Front Door setup for Azure AD protected Dotnetcore Webapp | Dotnet Webapp Azure AD redirecturi update when App gateway/frontdoor

{tocify} $title={Table of Contents}

Create Webapp - Azure App Service

Create a webapp - azure app service to host the webapp we are creating.

Create Azure AD protected Webapp

Create a dotnet core webapp with Azure AD authentication using Open ID connect.

Follow this article to create a webapp with Azure AD:

Create Azure Front Door

Create Front Door endpoint

Create Front door origin group

Create Front door origin

Front door settings look like this after all above steps

In this we have to update the host header to empty so that the

Update redirect Uri in Azure AD

Update the redirect Uri in Azure AD with the Front door endpoint url

Update Webapp with the redirect Uri of Front door

When the Web App sits behind Azure Front Door, we need to configure the redirect_uri in the /authorize request to be the Front Door's address.

In the code below we override the "OnRedirectToIdentityProvider" event and inject the Front Door's address. When I was trying this out, I simply hardcoded the address but ideally, you'd extract it from the headers that Front Door injects into the request.

This is the code I used when trying to authenticate my dotnet core Server App (.net 6) running on an Azure App Service, Protected by Azure AD, running behind Azure Front Door.

public void ConfigureServices(IServiceCollection services)
    // ... existing code

                .EnableTokenAcquisitionToCallDownstreamApi(new[] { "User.Read" })

    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        options.Events = new OpenIdConnectEvents
            OnRedirectToIdentityProvider = (context) =>
                // Override the redirect_uri
                //  Ideally extract this from config
                //  Or context.Request.Headers["X-Forwarded-Host"]
                //  see:

                    = "https://YOUR-FRONT-DOOR-or-APP-GATEWAY/signin-oidc";
                return Task.FromResult(0);

    services.Configure<ForwardedHeadersOptions>(options =>
        options.ForwardedHeaders = ForwardedHeaders.XForwardedFor |

    // ... existing code

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    // ... existing code
    // Don't forget to add this ...
    // ... existing code

When the code works, the "redirect_uri" param should point to your Front Door/Gateway as shown here.


Post a Comment

Previous Post Next Post


post ad 2