I have an Azure Web App where I have deployed a .Net 4.7 application with Umbraco CMS.
I want to require login before showing any content to a user.
Under the "Authentication" settings in the portal, I have configured an auth0 identity provider, and configured it as below:
Now, the issue is that it is not protecting the root url of the site. So:
GET https://mywebapp.azurewebsites.net => HTTP 200
GET https://mywebapp.azurewebsites.net/foo => HTTP 302 (Redirect to auth0)
Why would the root url not get the same 302 redirect?
Update
I tried reproducing this with a basic dotnet 8 application deployed to Azure, and that had no problem redirecting the / url to the login page, so this must be either a .Net Framework or Umbraco specific thing.
I still wonder how any requests reach the underlying code when the authentication is enabled, but maybe it just extends the application through http modules?