Resolving Redirect Issues when hosting on-prem on Azure

When a user clicks a ticket link in a helpdesk email and is not logged in, the expected behavior is to redirect the user to the login page on the custom domain with a return URL back to the ticket. For example, clicking

https://support.MYDOMAIN.COM/Ticket/123

should redirect to

https://support.MYDOMAIN.COM/User/Login?ReturnUrl=%2FTicket%2F123

Issue

When hosting the app on Azure, instead of redirecting to the custom domain login page, users are redirected to the base Azure App Service URL like

https://ghs-prod-blah.azurewebsites.net/User/Login?ReturnUrl=%2FTicket%2F123

which does not match the custom domain.

Cause

The redirection is based on the Host Header missing when requests are proxied to the application by Azure Front Door (AFD).

Workaround and Resolution

1. Update the Host Header on the Origin in Azure Front Door: Set the Host Header to the custom domain (e.g., support.mycompany.au) instead of the App Service default domain.
2. Configure the Custom Domain on the App Service: Add the custom domain to the App Service without binding a certificate, following the guidance here: Manage custom DNS and migrate domain for Azure App Service.

This configuration ensures that when unauthenticated users click ticket links, they are redirected to the correct login page on the custom domain, preserving the expected user experience and maintaining security restrictions on the App Service.