Using /.auth/ behind Azure Front Door

Martin Hinshelwood nkdAgility.com 75 MVP

I have AFD in front of my Azure Static Web App on https://nkdagility.com and I want to use the OOB /.auth/login/github to login. However it returns to the Static Web domain instead of the AFD domain... and /{AFDDoamin}/.auth/me is empty.

Is there any documentation or good practices around how to configure a Azure Static Web App behind AFD.

I already have a /.auth/login/github?post_login_redirect_uri=https://nkdagility.com/ but it still ends up at https://yellow-pond.nkdagility.com.

Martin Hinshelwood nkdAgility.com 75 Reputation points MVP

2024-12-05T08:59:24.0633333+00:00

This is great @ChaitanyaNaykodi-MSFT however if I add the same hostname to the Azure Static Site it takes ownership of it in DNS...

Since Azure Static Sites recommends Azure Front Door I would like to hear from them as to what the correct procedure is to maintain the URL's...

I was able to poke and get it to work, thanks to your documentation. :) It would still be great to hear what he intended setup is.
ChaitanyaNaykodi-MSFT 26,936 Reputation points Microsoft Employee

2024-12-05T20:13:41.2966667+00:00

@Martin Hinshelwood nkdAgility.com
Thank you for getting back.
We have reached to the product group internally regarding the ask above will make a response here as soon as we have an update. Thanks!
Martin Hinshelwood nkdAgility.com 75 Reputation points MVP

2024-12-06T16:11:21.65+00:00

Great!

I have it working following your doc, but I don't want to be caught out if its not the supported procedure.
ChaitanyaNaykodi-MSFT 26,936 Reputation points Microsoft Employee

2024-12-12T20:49:18.8533333+00:00

@Martin Hinshelwood nkdAgility.com
Thank you for your patience here. I just heard back from the team and the approach above for host name preservation is recommended by them in this scenario.I have added this as an update in my answer below. Please let me know if you have any additional questions. Thanks!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Accepted answer

ChaitanyaNaykodi-MSFT 26,936 Reputation points Microsoft Employee

2024-12-04T18:59:10.3933333+00:00

@Martin Hinshelwood nkdAgility.com

Thank you for reaching out. I think the issue might be due to host name preservation as described in the article here
https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation

We recommend that you preserve the original HTTP host name when you use a reverse proxy in front of a web application. Having a different host name at the reverse proxy than the one that's provided to the back-end application server can lead to cookies or redirect URLs that don't work properly.

A common and more specific case of the previous scenario occurs when absolute redirect URLs are generated as described here.

The documentation does not specifically talk about static web apps as backend but The recommendation to preserve the host name typically still applies for any components in your application that depend on it, unless you specifically make your application aware of reverse proxies and respect the forwarded or X-Forwarded-Host headers, for example.
Update 12/12:

Thank you for your patience here, I just heard back from the team and the approach above for host name preservation is recommended by them in this scenario.

Hope this helps! Please let me know if you have any additional questions. Thanks
Please sign in to rate this answer.
Martin Hinshelwood nkdAgility.com 75 Reputation points MVP

2024-12-13T17:03:43.7333333+00:00

I have however run into a bug with this. Just this weekend this setup stopped working for my preview environemnts.

I have two AFD Endpoints... nkdagility.com and preview.nkdagility.com.

For preview.nkdagility.com I have it pointed at my preview site, but just these last few days it stopped working.

AFD Endpoint: nkdagility-preview-ajcxerc0cfexbhcw.z02.azurefd.net
Origin Host header: yellow-pond-042d21b03-preview.westeurope.5.azurestaticapps.net

What am I doing wrong?

ChaitanyaNaykodi-MSFT 26,936 Reputation points Microsoft Employee

2024-12-13T23:57:00.8833333+00:00

@Martin Hinshelwood nkdAgility.com

Thank you for getting back.

A quick question, have you added the same custom domain to preview site afd endpoint and the backend static app?

If yes, can you try changing Origin Host header value to blank? the reason being as documented here

If the request was made for www.contoso.com, and your origin contoso-westus.azurewebsites.net has an empty header field, Front Door sets the host header as www.contoso.com.

Please let me know if the issue still persists and we will gladly continue with our discussion. Thanks!
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Using /.auth/ behind Azure Front Door

0 additional answers

Your answer