How to perform authentication in container apps through Front Door's custom domain?

Boyan Stefanov 20 Reputation points
2024-08-21T10:27:07.6133333+00:00

I have a container app hosting a service that's currently publicly accessible. I'd like to add an authentication/authorization mechanism to the container app so it requires a login from Entra ID first (via the Front Door custom domain).

Our container app and container app environment have ingress enabled and are limited to VNET only. We use Front Door Premium with a private endpoint connection, and Front Door is used to route the requests to the container app with an origin group (pointing to the origin host name of the container app) and a route (pattern to match /allure-docker-service/ and origin path /allure-docker-service).

I tried following the steps outlined in https://learn.microsoft.com/en-us/azure/container-apps/authentication-entra#-create-an-app-registration-in-microsoft-entra-id-for-your-container-app and created and set up the app registration, but when we visit our service's public URL (<custom domain>/allure-docker-service/projects/default/reports/latest/index.html) we are being redirected to https://<container app application url>/.auth/login/aad/callback, which doesn't work because the container's not publicly available.

What is the correct configuration I should use to set up Front Door and the app registration in this case?

EDIT: This is what we currently have in Web > Redirect URIs: [User's image]


1 answer

  1. Sina Salam 12,011 Reputation points
    2024-08-21T16:33:08.0966667+00:00

    Hello Boyan Stefanov,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you are having challenges performing authentication in container apps through Front Door's custom domain.

    To configure authentication and authorization for your Azure Container App with Front Door and Microsoft Entra ID, you will need to create an app registration automatically. From the Azure portal, navigate to your app and select Authentication, then add an identity provider by selecting Microsoft as the identity provider. By default, the option to create a new registration is selected. You can customize the registration name and supported account types, and configure your client secret to be generated and stored as a secret in the container app. https://learn.microsoft.com/en-us/azure/container-apps/authentication-entra

    Also, if you like you can configure it manually.

    You can check a similar answer here if you use a private link: https://learn.microsoft.com/en-us/answers/questions/1689342/front-door-with-azure-container-apps-and-private-l

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam
