azure-front-doorpre-authentication

Can Azure Front Door authenticate a Azure AD JWT before sending the request to the backend service?


we are planning to use FD to act as an reverse proxy to several backend apps. We would like to only send the request to the backend if the Authorization Header has a valid JWT. (similar to the APIM validate-jwt policy)

Is this possible in Front Door? Or is there a better way to achieve this.

Thanks Stefan


Solution

  • You can use the Azure Front Door rules engine to check to see if the authorization header contains something that looks like a valid JWT, but it won't have the ability to actually validate the token like the API Managment policy can. If the header match something that looks like a valid token you can forward it on to the proper backend. If it doesn't look like it contains a valid token you can send the request to the appropriate site to get a JWT.