question

DannyGrady-1187 avatar image
0 Votes"
DannyGrady-1187 asked DannyGrady-1187 commented

How do you configure app service to access to an external resource?

I'm running a .NET Core 5 Web API deployed to an Azure App Service.

After receiving a request, my app attempts to contact an external URL (in this case, https://<my company name>.cognitiveservices.azure.com/). Unfortunately, I get the error "AcessDenied - Access denied due to Virtual Network/Firewall rules."

How do you configure an App Service to allow itself to communicate with an external resource?

On the networking settings there seems to be only four options, VNET, Hybrid Connections (both are irrelevant here), Azure front door seems concerned with load balancing and DDOS protection, and access restrictions IIRC seems like it's for specific IP whitelisting.

azure-webapps
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Is your web app or cognitive service setup to use a VNET? If so, it sounds like your VNET might have some access restrictions in place.

By default, App Services have the ability to make external calls. If your web app and/or cognitive service is not connected to a VNET, then you may have setup Azure Firewall in a way that is preventing the call.

It does not sound like you have set access restrictions on the web app as that gives a generic 403 HTTP error when blocked.

The main thing for a web app is that it's outbound IP addresses are allowed to reach the destination. To see what your outbound IP addresses are, go to the properties blade of your web app.

If you can let us know if you or someone else has attached your services to a VNET or if Azure Firewall is configured, we can help provide more specific guidance on how to ensure connectivity is enabled.


1 Vote 1 ·
0 Votes 0 ·

@brtrachMSFT-0711

You are correct. You have reminded me that the cognitive service I have setup has its own firewall rules. It had been so long since I had stood it up, I began to think of it as a discrete, Microsoft managed service, rather than something where I had direct control of the networking.

I set the networking rules for the cognitive service, and everything is working. Thank you for the discussion.




0 Votes 0 ·

0 Answers