My issue
I installed an Azure Application Gateway (AAG) in front of an App Service. Amethystegw and amethysteweb1 repectively. The AAG is on the VNET1.
amethysteweb1 is a real .NET application, not just the default IIS page.
When browsing from the AAG IP, say 20.223.179.174, it redirect on the app service url:
NOTE: I also tried to set only my public AAG IP
If I activate WAF rules it does not work because everything seem not to pass through AAG.
What I need
What can I do to have a normal behaviour?
Why Backend Health shows 307 code:
Other infos
Yes I tested the app service that works fine.
- Standard V2 Tier
- Listener type: Basic
- No custom domain
- HTTP (80) port
Rules:
Settings:
probe
I successefully tested it.
I read this that is quite similar to my issue:
Azure App Service behind Azure Application Gateway
CodePudding user response:
You need to handle the redirect substitution in the application, at least for .net 5 or 6 we have done it like this in the Startup. That configuration value contains the desired redirect, something like "https://{your url from app gateway}/signin-oidc"
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme,
options => {
Task RedirectToIdentityProvider(RedirectContext ctx) {
var redirectUri = Configuration.GetValue<string>("AzureAdB2C:RedirectUri");
if (!string.IsNullOrWhiteSpace(redirectUri)) {
ctx.ProtocolMessage.RedirectUri = redirectUri;
}
return Task.FromResult(0);
}
var previousEvent = options.Events.OnRedirectToIdentityProvider;
options.Events.OnRedirectToIdentityProvider = (context) => { previousEvent(context); return RedirectToIdentityProvider(context); };
});
CodePudding user response:
I found the solutions.
The web apps was a .NET application that forced an HTTP to HTTPS redirection.
I just removed:
app.UseHttpsRedirection();
And it is working now.
Thank you for all those helped me here.