unable to access Azure Web app with public network access disabled

Muhammad Nadeem Akhter 0 Reputation points
2023-12-04T16:19:51.74+00:00

Hi,

I am trying to access an azure web app with "public network access" disabled. I can ping it internally but when I try to access it

"System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'

I can access it when "public network access" is enabled on http

please help ASAP

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,325 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Luis Arias 5,981 Reputation points
    2023-12-04T16:47:44.12+00:00

    Hi Muhammad Nadeem Akhter,

    Despite of Ping can help you to test a ICMP protocol within Azure Vnet Itsn't the best option for TCP/HTTP protocol , So you can test doing your http call with curl (e.g. curl -v http://myweab.azurewebsites.net) if this isn't working.

    You probably need to configure the path to connect privately in your vnet with one of these below mechanism:

    https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration

    Don't forget to check in your NSG attached to the vnet the rule to allow the communication to AppService tag. (https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview)

    Let me know if this help your issue.

    Luis,


  2. ajkuma 24,566 Reputation points Microsoft Employee
    2023-12-06T19:20:18.34+00:00

    As Luis mentioned, kindly review the NSG and VNET rules.

    Just to highlight, the private endpoint uses an IP address from your Azure virtual network address space. Network traffic between a client on your private network and the app traverses over the virtual network and a Private Link on the Microsoft backbone network, eliminating exposure from the public Internet.

    Based on the error message, please review if it's due to any additional WebApp authentication/or role permissions; post private webapp access validation.

    Also, please check your config per the sample architecture, as outlined in the doc.

    The virtual network integration feature cannot use the same subnet as private endpoint, this is a limitation of the virtual network integration feature.

    Kindly let us know, I'll follow-up further. User's image

    0 comments No comments