OK, so - I've got the new version of MtgDiscovery up and I started doing more non-local work.
My head-to-wall (and repeat) work with Azure B2C early into this project is coming roaring back.

This time, APIM has joined the fight.

Going to the App Service URL and signing in - FUCK YEAH! WORKS! Which I'm still super excited about.
Then I go to the APIM URL and ... NOOOOOOO!!!! Fuck you! No Access!

... I've spent HOURS and HOURS so far trying to figure out what the fuck is going on... nothing.
I've got nothing.

I've gotten so frustrated with this that I submitted a support ticket to Azure Support.

I SUBMITTED A SUPPORT TICKET!!!! That's a new level of FUCK THIS for me.

I'm pretty sure there's some stupid little setting in some stupid little thing that needs to be set and it'll all work... but... I don't know what or where or GAAAAAHHHHHHHH!!!!!!

Frustrated. I had to walk away from the computer level of frustration.

I was a little OVER frustrated at the time. I thought that the B2C didn't work at all. When I was able to not throw the monitor I tested the App Service login and it works.
So ... it's just when it's using the APIM URL. ... Lost.

Frustrated and Lost.

I like the confidence that AADB2C gives me for the security around the site. But it's ... not... simple. It's straightforward, but not simple.

Except this... apparently. This is DARK MAGIC!!! ... or some toggle in some dark corner of configuration...

We shall see.


After 75 minutes on a call with Microsoft we finally ... know what team needs to be engaged next.
Tried a few things with Microsoft Support, explored a few things. Did a thing after the call... No change in behavior.

So, next up is that they'll be looping in the App Service team. My original ticket had it about APIM, but it's probably more App Service related due to what they saw during the call.


The buck is being passed to the Microsoft Identity Team. I continue to wait...


Basically got told "you did it wrong, hire an architect".
Not thrilled.
Didn't even get told WHAT was wrong, just "you added APIM after getting B2C working, that's infrastructure and beyond our scope".

I'll be talking to a tech lead soon.

I think what I'm trying to do is not possible. Which I'm OK with having to re-architect the infra to accommodate "that's unsupported" - But I need to actually be told, "That's not possible".
Telling me "you did it wrong" doesn't help anyone; except to maybe close out a ticket that's been around for 6+ weeks.

I'm actually OK with the ticket taking so long. A bit annoyed since I'm done with most functionality and want the site live... but most of the time when I submit a support request, I've stumbled on trying something that ends up being an edge case or unsupported scenario.
One company had to re-write promotional material based on what I showed their product couldn't do.

ME: shows failure of DB operation
THEM: "It probably needs more memory"
ME: "There's no data"
THEM: ... ... "Oh... ... Yeah; our engineers confirmed that's unsupported"

Fun times...

Anyway, I'm restructuring my site anyway. I can flip it pretty fast back; or deploy to a new environment to work on it. It's so simple though... App Service, B2C, APIM - How do I use them together to provide an authenticated experience for users?

With my limited knowledge of the lower level networking that starts to hit things like "HOST" headers... I think what I want isn't doable. The B2C redirect URL needs to be configured in a way that would be insecure.

I hope this isn't the case, and what I want to do WORKS... because yay... but no... I think I hit an edge case and it won't work. So... I'll hijack it to work well enough.


I've re-architected my component interactions to not go through APIM for the main domain. Images are now served through APIM via a domain. Still masking the backing services, but with their own subdomain.

Not a great ending. But the site is LIVE!!!!!
