1
votes

I have an azure-website authenticated with Azure Active Directory, and my goal is to deploy to a staging slot, which is then promoted to the production environment. However, when I deploy to the staging slot it is being treated as a separate application in my Azure AD. When I promote the environment, the Reply URL in the Azure AD application stays the same, so that my production site is now being redirected back to the staging slot after logging in.

It would help if I could configure the application Reply URL in the app settings of the site, which can be configured on the azure-website environment itself. I have tried adding the ida:RedirectURI to the app settings and it had no effect.

1
Did you ever resolve this? I'm having the same problem when using the "Enable AD Authentication" setting in the Azure Portal. The app doesn't show up in the "Applications" tab of the domain, so I can't change it. - Erik A. Brandstadmoen
Have you tried switching between "Applications my company uses" and "Applications my company owns"? - DivineOps
Yes, I have. No difference... - Erik A. Brandstadmoen
I know this is old, but since this comes up in searching several years later, I posted what I did under question stackoverflow.com/questions/30297989/…. Hope it helps someone. - Rahn

1 Answer

2
votes

I assume you are using the Organizational features in the publishing tools from Visual Studio. Correct? What version of VS are you using? The step-by-step guidance changes depending on the version, but to give you a blanket explanation of what's going on:

  • You can bypass the creation of a new app at publishing time by opting out of the organizational features in the publishing wizard
  • In that case, you need to make changes by hand
    • You can go in the Azure portal, find your Azure AD tenant, find the applications tab, identify your app entry, click on configure, scroll to the return URL section and add your staging/prod/whatever URLs you want to be able to use
    • Back in your project, you now need to tell your identity library to use your return URL of choice instead of leaving the default. If you are using VS2013 you are using WIF, hence you need to find the WIF config element and inject the new reply attribute as shown below

<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="true" />
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://login.windows.net/developertenant.onmicrosoft.com/wsfed"
                  realm="https://developertenant.onmicrosoft.com/blah"
                  reply="https://mynewURL"
                  requireHttps="true" />
  </federationConfiguration>
</system.identityModel.services>

If instead you are using OWIN, the place where you'd inject that would be different - but before writing it down I'd give you the chance of confirming if the above applies to your project :) HTH, V.
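
For the WIF case described in the answer, the reply value can also be set at startup from an app setting, so each deployment slot sends its own reply URL without a different web.config. This is an added example, not code from the answer; the setting name `ida:ReplyUrl` and the class name are assumptions, and every URL used still has to be registered on the Azure AD application as the answer describes.

```csharp
// Global.asax.cs (added example; "ida:ReplyUrl" is an assumed app setting name)
using System;
using System.Configuration;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Define this key in the app settings of each slot with that slot's own URL.
    private const string ReplySettingKey = "ida:ReplyUrl";

    protected void Application_Start()
    {
        // Raised once, when WIF has loaded <system.identityModel.services>.
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(
        object sender, FederationConfigurationCreatedEventArgs e)
    {
        string configured = ConfigurationManager.AppSettings[ReplySettingKey];
        if (string.IsNullOrWhiteSpace(configured))
        {
            return; // no override: keep the reply attribute from web.config
        }

        // Fail closed on a malformed or non-HTTPS value rather than sending
        // the sign-in response to an unintended or plaintext endpoint.
        Uri reply;
        if (!Uri.TryCreate(configured, UriKind.Absolute, out reply) ||
            reply.Scheme != Uri.UriSchemeHttps)
        {
            throw new ConfigurationErrorsException(
                ReplySettingKey + " must be an absolute https:// URL.");
        }

        // Overrides the reply attribute of the <wsFederation> element.
        e.FederationConfiguration.WsFederationConfiguration.Reply = reply.AbsoluteUri;
    }
}
```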