unable to access Azure Web app with public network access disabled

Question

unable to access Azure Web app with public network access disabled

Muhammad Nadeem Akhter 0

Hi,

I am trying to access an azure web app with "public network access" disabled. I can ping it internally but when I try to access it

"System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'

I can access it when "public network access" is enabled on http

please help ASAP

Muhammad Nadeem Akhter 0 Reputation points

2023-12-04T16:31:37.58+00:00

please note I can ping the service as well
ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-12-08T13:01:05.6133333+00:00

@Muhammad Nadeem Akhter ,

Just checking in to see if you had got a chance to see the previous response. If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.

2 answers

Your answer

Muhammad Nadeem Akhter 0 Reputation points

2023-12-04T16:31:37.58+00:00

please note I can ping the service as well
ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-12-08T13:01:05.6133333+00:00

@Muhammad Nadeem Akhter ,

Just checking in to see if you had got a chance to see the previous response. If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.

Answer 1

Hi Muhammad Nadeem Akhter,

Despite of Ping can help you to test a ICMP protocol within Azure Vnet Itsn't the best option for TCP/HTTP protocol , So you can test doing your http call with curl (e.g. curl -v http://myweab.azurewebsites.net) if this isn't working.

You probably need to configure the path to connect privately in your vnet with one of these below mechanism:

https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration

Service Endpoint (https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview)
Private endpoint (https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint)

Don't forget to check in your NSG attached to the vnet the rule to allow the communication to AppService tag. (https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview)

Let me know if this help your issue.

Luis,

Muhammad Nadeem Akhter 0 Reputation points

2023-12-04T19:26:25.83+00:00

curl -v giving this error:
The web app you have attempted to reach has blocked your access.

Answer 2

As Luis mentioned, kindly review the NSG and VNET rules.

Just to highlight, the private endpoint uses an IP address from your Azure virtual network address space. Network traffic between a client on your private network and the app traverses over the virtual network and a Private Link on the Microsoft backbone network, eliminating exposure from the public Internet.

Based on the error message, please review if it's due to any additional WebApp authentication/or role permissions; post private webapp access validation.

Also, please check your config per the sample architecture, as outlined in the doc.

The virtual network integration feature cannot use the same subnet as private endpoint, this is a limitation of the virtual network integration feature.

Kindly let us know, I'll follow-up further. User's image

Share via

unable to access Azure Web app with public network access disabled

2 answers

Your answer