Azure Blob storage unauthorized 403 while access from app service

Tahami Rizwan 20 Reputation points
2023-05-31T05:42:29.0366667+00:00

We have multiple backend APIs hosted on Azure web app under same plan. All APIs have same outbound ips, and all these APIs enabled access restriction, these APIs only accessible within the api gateway. We have blob storage, we have also enable restriction on it (Networking Enabled from selected virtual networks and IP addresses  Firewall, added all APIs ips on it), Now when APIs going to fetch some image from blob it throw following error,

Azure.RequestFailedException: This request is not authorized to perform this operation.

RequestId:0bc5827d-c01e-0030-382f-929e61000000

Status: 403 (This request is not authorized to perform this operation.)

ErrorCode: AuthorizationFailure

Content:

Point to be noted that both APIs and blob are not using vNet, and both are on same resource group and using the same Identity

but when we remove network restriction on storage account it works fine

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,913 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,616 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,360 questions
{count} votes