3

I made an App Service (S1) and then from the Networking blade created a VNet Integration using the documentation here. The connection looks like VNet Integration Configuration Then I made a Storage Account and under the Firewall and Networking tab I selected the preconfigured VNet that was made by the portal Storage networking tab here

Trying to access the Azure Storage from a deployed Web App give a 403 forbidden error. What settings do I need to change for the Web App to gain access to the Azure Storage Service Endpoint?

Cœur
  • 37,241
  • 25
  • 195
  • 267
robjam
  • 969
  • 1
  • 11
  • 24
  • 1
    Did you find any solution? I'm facing the same issue – Augusto Barreto Jun 29 '18 at 20:00
  • Outside of using App Service Environment, it looks like Virtual Networks are not possible. But Azure AD Authentication for Azure Storage is in preview and may be something you could look into to lock down azure storage resources. https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-aad-authentication-for-storage/ – robjam Jul 02 '18 at 02:33

1 Answers1

3

Vnet integration gives your web app access to resources in your virtual network but does not grant private access to your web app from the virtual network.

Private site access refers to making your app only accessible from a private network such as from within an Azure virtual network. Private site access is only available with an ASE configured with an Internal Load Balancer (ILB).

More information about ILB ASE, please refer to this article.

Jason Ye
  • 13,710
  • 2
  • 16
  • 25
  • 1
    "Vnet integration gives your web app access to resources in your virtual network" is what I am trying to accomplish. – robjam Mar 29 '18 at 08:46
  • @robjam yes, you are use vnet integration, but it does not work for Azure storage. – Jason Ye Mar 29 '18 at 08:51
  • @robjam Yes, vnet integration not work for service endpoints. – Jason Ye Mar 29 '18 at 08:59
  • @robjam Please try to use ASE and service endpoint to achieve it. – Jason Ye Mar 29 '18 at 09:02
  • This is not true, the New VNET Integration works already with SQL Server and CosmosDb without needing an ASE. So one would expect Azure Storage to be added to the list as well. However, Azure Storage does not work in this setup at the moment. – hansmbakker Jul 05 '19 at 09:51