Reading azure storage blob from azure app service returns 403 when integrated with VNet (preview)

0
votes

I created an azure app service (asp.net application to read from azure storage blob) and integrated it with VNet using the new VNet integration (preview) feature documented here.

After that I created an azure storage account and granted it access to the VNet using service endpoints.

With the above configuration azure storage returns 403 when trying to read a blob from the app service. Both, app service and storage are added to the same subnet.

According to Microsoft documentation at New VNet Integration, it's mentioned that new version of integration works with service endpoints:

There is a new version of the VNet Integration capability that doesn't depend on Point-to-Site VPN technology. Unlike the pre-existing feature, the new Preview feature will work with ExpressRoute and Service Endpoints.

I also tried adding NSG to VNet which has default rule of AllowVNetInbound and AllowVNetOutbound, which didn't solve the problem.

Am I missing some configuration?

1
azureazure-web-app-serviceazure-storageazure-virtual-network

1 Answers

1
votes

When you use a new version of the VNet Integration capability, you should make sure you meet the characteristics for new VNet Integration. Such as

The app and the VNet must be in the same region The new feature requires an unused subnet in your Resource Manager VNet. Your App Service plan must be a Standard, Premium, or PremiumV2 plan. ...

Except that, you can verify if some mistakes when you deploying these resources. You could refer to this auto-template to complete deployment. You also could get more references from this and note that the new VNet Integration is still in preview. Let me know if this could work.