4

Following the instructions on the Azure Blog, I'm trying to remove public access to our Storage Account and instead have our App Service app only access it via a Service Endpoint.

The App Service and Service Plan are added to the same VNet, and I've configured the VNet on the Service Endpoint.

But the moment I switch on "Allow access from selected networks" in the storage account (and select the VNet and subnet) the web app begins to fail with 403 Forbidden when accessing storage.

Allow access from selected networks

Is this supposed to work, or what could I be missing?

Tom Sun - MSFT
  • 22,436
  • 3
  • 23
  • 40
x5657
  • 908
  • 2
  • 13
  • 21
  • 1
    Refer https://social.msdn.microsoft.com/Forums/azure/en-US/9f4d8aeb-68a6-4ec1-9e11-bee2d1301792/allow-access-to-azure-storage-account-only-from-an-app-service?forum=windowsazurewebsitespreview and see if that helps. – AshokPeddakotla-MSFT Mar 01 '18 at 17:41
  • @x5657 Did you find any solution? – Augusto Barreto Jun 29 '18 at 23:02
  • @AugustoBarreto Afraid not. But on another similar issue we were advised by Microsoft to make sure each of our VNets have a (globally?) unique ID. I haven't had time to try it yet, but I'm wondering if it would help here. – x5657 Jul 01 '18 at 20:33

0 Answers0