Azure - New Restrictions To Azurewebsites.net Domain

Effective from 15th Oct 2021, Microsoft has implemented a change in Azure Web API Authentication.

“For single tenant applications, a request to add/update AppId URI (identifierUris) will validate that domain in the value of URI is part of the verified domain list in the customer tenant or the value uses the default scheme (api://{appId}) provided by AAD.”

More details about the change can be found in the Microsoft documentation:

AppId Uri in single tenant applications will require use of default scheme or verified domains

https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains

Let’s try to understand its impact.

Use Case

For example, you have an authenticated Azure Web API on the “azurewebsites.net” domain (which is Microsoft’s own domain), invoked from an SPA application embedded in a SharePoint Online site page.

The Web API is authenticated against Azure AD. In the associated AAD app, in the Expose an API section, the Application ID URI is to be set as https://<example>.azurewebsites.net and the scope is to be added as “https://<example>.azurewebsites.net/user_impersonation”.


Problem

Now when we try to set the Application ID URI to https://<example>.azurewebsites.net in the AAD app, it throws the exception below:

Error: Failed to update Application ID URI application property. Error detail: Values of IdentifierUris property must use a verified domain of the organization or its subdomain: https://<example>.azurewebsites.net

Solution

Before 15th Oct 2021 this was easily possible and “azurewebsites.net” was allowed. (To some relief, APIs set up earlier with the “azurewebsites.net” domain in their Application ID URIs will continue to work.)

But with this new change, Microsoft has restricted the use of the “azurewebsites.net” domain, and we now need to use only “Verified” custom domains as the API domain, that is, domains whitelisted in the Azure “Custom domain names” list.

Here is an article which explains how to associate “azurewebsites.net” with a custom domain:

https://azure.github.io/AppService/2020/07/28/zero_to_hero_pt5.html
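
A pre-flight check for a proposed Application ID URI, as an added example that is not from the original post or from Microsoft. It models only the two accepted forms named in the notice quoted above (the default scheme api://{appId}, or a verified domain or its subdomain); the function name, app ID and domain names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values, not taken from any real tenant.
APP_ID = "00000000-0000-0000-0000-000000000001"
VERIFIED_DOMAINS = ["contoso.com", "contoso.onmicrosoft.com"]


def check_identifier_uri(uri, app_id, verified_domains):
    """Return (accepted, reason) for a proposed Application ID URI.

    Approximates the rule as quoted on this page; it is a local
    pre-flight check, not Azure AD's own validator.
    """
    parts = urlsplit(uri.strip())
    # hostname drops any userinfo/port and is already lower-cased
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme.lower() == "api":
        # Default scheme: the value must be exactly this app's own ID.
        if host == app_id.lower() and parts.path in ("", "/"):
            return True, "default scheme"
        return False, "api:// value is not this application's appId"

    if not host:
        return False, "no host in URI"

    for domain in verified_domains:
        d = domain.strip().rstrip(".").lower()
        # Match on a label boundary so "notcontoso.com" or
        # "contoso.com.azurewebsites.net" cannot pass as "contoso.com".
        if d and (host == d or host.endswith("." + d)):
            return True, "verified domain " + d
    return False, "host is not a verified domain or its subdomain"


if __name__ == "__main__":
    candidates = [
        "https://example-api.azurewebsites.net",
        "api://" + APP_ID,
        "https://api.contoso.com/user_impersonation",
        "https://notcontoso.com",
        "https://contoso.com.azurewebsites.net",
        "https://contoso.com@example-api.azurewebsites.net",
    ]
    for uri in candidates:
        ok, reason = check_identifier_uri(uri, APP_ID, VERIFIED_DOMAINS)
        print(("ACCEPT" if ok else "REJECT"), uri, "-", reason)
```
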

Happy Learning, Anywhere!