CarolLai-5934 asked MarileeTurscak-MSFT answered

AAD B2C: Work with Azure Front Door

I have configured Azure Front Door to work with the app service. Then I added the AAD B2C login by using the custom policy. AAD B2C doesn't work with Azure Front Door because the return URI still points to the app service, as follows:

https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/b2c_1a_signin_only/oauth2/v2.0/authorize?client_id=c1f576c3-d0da-4752-b925-78fc186a29e5&redirect_uri=https%3A%2F%2F<app-name>.azurewebsites.net%2FManagement%2F&response_type=......

instead of the Azure Front Door address <Front Door host>.azurefd.net or our custom domain, which directs to <Front Door Host>.azurefd.net.

I have added the <Front Door host>.azurefd.net and custom domain as the redirect URIs under the authentication for the app registration on AAD B2C.

I have also tried blanking out the Backend host header in Backend pools. The return URI still points to the app service, which is blocked from direct access.

How can I make AAD B2C return to Azure Front Door instead of the app service?


1 Answer

MarileeTurscak-MSFT answered

A similar issue was reported to the B2C team.

One resolution was to remove the default host header in Azure Front Door backend pool. If your requests have x-forwarded-for headers, you can try disabling that with:

options.ForwardedHeaders = ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedProto;

For the full troubleshooting, see: https://github.com/AzureAD/microsoft-identity-web/wiki/Deploying-Web-apps-to-App-services-as-Linux-containers

And: https://github.com/AzureAD/microsoft-identity-web/issues/1076

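For context, this is how the ForwardedHeaders line from the answer can sit in an ASP.NET Core Program.cs. It is an added example, not code from the original thread or from Microsoft.Identity.Web. The host names contoso.azurefd.net and login.contoso.example and the /debug/host endpoint are placeholder assumptions; the existing sign-in registration is left as a comment.

```csharp
// Program.cs (ASP.NET Core minimal hosting). Added example; host names are placeholders.
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Let the middleware rewrite Request.Host and Request.Scheme from the
    // X-Forwarded-Host / X-Forwarded-Proto headers sent by the proxy.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedProto;

    // By default only loopback proxies are trusted, so headers arriving from
    // Front Door would be ignored. Clearing both lists trusts any sender; that
    // is only reasonable because direct access to the app service is blocked,
    // as described in the question.
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();

    // Accept X-Forwarded-Host only for names that are also registered as
    // redirect URIs on the B2C app registration. Any other value is ignored,
    // so a spoofed header cannot steer the generated redirect_uri.
    options.AllowedHosts.Add("contoso.azurefd.net");    // placeholder Front Door host
    options.AllowedHosts.Add("login.contoso.example");  // placeholder custom domain
});

// The app's existing B2C / OpenID Connect sign-in registration goes here, unchanged.

var app = builder.Build();

// Must run before the authentication middleware: the OpenID Connect handler
// builds redirect_uri from Request.Scheme, Request.Host and Request.PathBase.
app.UseForwardedHeaders();

// app.UseAuthentication();
// app.UseAuthorization();

// Hypothetical diagnostic endpoint: shows the origin the app believes it is
// served from. Remove it once the value matches the Front Door address.
app.MapGet("/debug/host", (HttpContext ctx) =>
    $"{ctx.Request.Scheme}://{ctx.Request.Host}{ctx.Request.PathBase}");

app.Run();
```

Requesting /debug/host through Front Door should return the Front Door or custom-domain origin; if it still returns the azurewebsites.net name, the forwarded headers are not being applied.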