Share via

VNET integration for static webapp

Felix Chippendale 20 Reputation points
2024-01-11T13:52:57.24+00:00

Hello,
I am attempting to link a static web app through "bring your own API" to a REST API running on a linux web app hosted on an app service. Both are connected to the same subnet within a vnet via private endpoints, which are tied to the same DNS zone to which I have made no changes. The linux web app has outbound network integration to the same subnet. Both the static web app and linux web app must have public access disabled and should only be accessible from within the vnet.

All requests made by the static webapp to the /api/ route are met with 403, unless I allow public network access within the linux web app, in which case everything functions as desired.

I have disabled authentication within the linux web app and set "Client certificate mode" to "Ignore" within the configuration > General Settings for the linux web app.

Is there a setting I've missed or some aspect of vnet integration that must be changed for this to function? Are some form of DNS entries required? Is there no way to accomplish this without additional services such as API Management?

Many thanks for the help.
Felix

Azure Static Web Apps
Azure Static Web Apps

An Azure service that provides streamlined full-stack web app development.

0 comments

Answer accepted by question author

  1. Sam Cogan 10,867 Reputation points Microsoft Employee
    2024-01-17T09:02:41.42+00:00

    Unfortuantely I don't think you are going to be able to achieve what you want here with static web apps. Private endpoints are for inbound traffic to the static web app, so by enabling private endpoints you allow resources on your vNet to be able to talk to your static web app, this does not allow for opposite, for your static web app to talk to resources on the vNet.

    For app services, as you have done, you would enable vNet integration which supports outbound communication, from the app service to the vNet. Unfortuantely static web apps do not support the vNet integration feature, so all traffic from your static web app is going via the internet, hence why you have to enable public access on your app service.

    If you need both to be private, then you are going to need to convert your static web app into an app service site, to be able to use the same vNet integration. Given you already have an app service, it can use the same app service plan, so would not incur additional cost.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.