Document Details
Configure Authentication Customize Sign In Out
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
windows_first
missing_linux_example
windows_tools
Summary
The documentation provides a server-level authorization example exclusively for Windows apps using IIS and web.config, with no equivalent example or guidance for Linux-based App Service apps. The section is labeled 'Windows apps only', and Linux users are told that 'Linux apps don't use IIS and can't be configured through web.config', but no alternative is offered. Additionally, the use of Kudu (which is available on both platforms) is described in the context of editing web.config, reinforcing a Windows-centric approach. There are no PowerShell-specific examples, but the overall pattern prioritizes Windows tooling and omits Linux parity.
Recommendations
- Add equivalent Linux guidance: Provide an example of how to implement server-level authorization for Linux-based App Service apps, such as using middleware in common frameworks (e.g., Node.js, Python, .NET Core) or via .htaccess for PHP.
- Clarify cross-platform tooling: When mentioning tools like Kudu, clarify their availability and usage on both Windows and Linux App Service plans.
- Balance examples: Where platform-specific configuration is discussed, ensure both Windows and Linux approaches are presented side by side, or clearly direct Linux users to appropriate resources.
- Explicitly state limitations: If certain features are not available on Linux, explain why and suggest best practices or workarounds for Linux users.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-12 00:00 | #243 | cancelled |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
 Clean
|
| 2026-01-08 00:00 | #228 | cancelled |
Clean
|
| 2026-01-06 18:15 | #225 | cancelled |
Clean
|
| 2025-09-15 00:00 | #112 | completed |
Biased
|
| 2025-08-15 00:01 | #81 | cancelled |
Biased
|
| 2025-07-13 21:37 | #48 | completed |
Biased
|
| 2025-07-13 21:25 | #47 | cancelled |
Clean
|
| 2025-07-13 20:48 | #44 | cancelled |
Biased
|
| 2025-07-09 13:09 | #3 | cancelled |
Clean
|
| 2025-07-08 04:23 | #2 | cancelled |
Biased
|
Flagged Code Snippets
## Preserve URL fragments After users sign in to your app, they usually want to be redirected to the same section of the same page, such as `/wiki/Main_Page#SectionZ`. However, because [URL fragments](https://wikipedia.org/wiki/Fragment_identifier) (for example, `#SectionZ`) are never sent to the server, they're not preserved by default after the OAuth sign-in finishes and redirects back to your app. Users then get a suboptimal experience when they need to go to the desired anchor again. This limitation applies to all server-side authentication solutions. In App Service authentication, you can preserve URL fragments across the OAuth sign-in by setting `WEBSITE_AUTH_PRESERVE_URL_FRAGMENT` to `true`. You use this app setting in the [Azure portal](https://portal.azure.com), or you can run the following command in [Cloud Shell](../cloud-shell/quickstart.md):