locked
authenticate from a website to an azure mobile app service RRS feed

  • Question

  • I have an Azure Mobile App service that I use with my (Cordova and Xamarin) mobile apps. The URL for the Mobile App service is https://gonzo.azurewebsites.net/ (not the real URL). I want to create a website (ASP.NET Core 2.0 Web App)  that connects to my Azure Mobile App service, just like my apps do. I tried publishing it to the gonzo URL but that overwrote my mobile app service and thus I had to restore it. I’d love to know if there is a way to actually make that work.

    My next step was to create the website and use a different URL https://kermit.azurewebsites.net/. I use social authentication for my app mobile service. When I debug it locally against localhost, everything works perfectly. The problem that I’m running into is that when I try to login from the published website, regardless of the auth provider (facebook, Microsoft, google), instead of getting to the login UI supplied by the login provider, I get a 403 with the URL looking something like this: https://gonzo.azurewebsites.net/.auth/login/facebook/callback?code=long-code.

     

    I thought this can be fixed by allowing the kermit origin in my Azure Mobile App service in CORS. I even tried setting CORS to allow all hosts (*) but that didn’t make a difference. Any idea how to make this work?


    • Edited by lucorn Tuesday, February 6, 2018 12:23 AM
    Sunday, February 4, 2018 8:18 PM

All replies

  • Hi lucorn,

    I think you get 403 error when logging with https://kermit.azurewebsites.net/ because your original Azure Mobile App https://gonzo.azurewebsites.net/ has no way to know about your new website (https://kermit.azurewebsites.net/) and can't not redirect the callback to the new website, therefore not able to complete the login flow. This is the reason why you get redirect URL pointing to the old one in "https://gonzo.azurewebsites.net/.auth/login/facebook/callback?code=long-code".

    The CORS settings of Azure Mobile Apps is not intended for auth, therefore it won't work either.

    Back to your original question, I am afraid there's no out-of-box solution to use auth in your website to an Azure Mobile Apps backend the way as a mobile client (ios/android/etc.). The server-auth-flow of Azure Mobile Apps requires redirect that won't work for your scenario. The client-auth-flow of Azure Mobile Apps might be an option but you'll have to do lots of extra work to handle the redirect and a few other things.

    Thanks.

    Di

    • Proposed as answer by Swikruti Bose Friday, February 9, 2018 2:45 AM
    Thursday, February 8, 2018 11:09 PM