Can not upload text file to Blob Storage from App Service

Question

Now, My system configuration is App service, Vnet and ExpressRoute. I try to attach Blob Storage to this system. In python, App service generates text file as debug log, I will upload text file to Blob Storage. However, the following error log was output. Please tell me some items to fix.In addition, in the BlobStorage, text file is generated. but this file has no word. So, I think that App service can not overwrite it.

  2024-02-04 11:30:58.600 Uncaught app exception
  Traceback (most recent call last):
    File "/tmp/8dc24840453a39b/antenv/lib/python3.11/site-packages/streamlit/runtime/scriptrunner/script_runner.py", line 535, in _run_script
      exec(code, module.__dict__)
    File "/tmp/8dc24840453a39b/Webapp.py", line 166, in <module>
      blob_log.blob_upload('start!!')
    File "/tmp/8dc24840453a39b/src/logger.py", line 54, in blob_upload
      blob_client.upload_blob(data,overwrite=True)
    File "/tmp/8dc24840453a39b/antenv/lib/python3.11/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
      return func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^
    File "/tmp/8dc24840453a39b/antenv/lib/python3.11/site-packages/azure/storage/blob/_blob_client.py", line 765, in upload_blob
      return upload_block_blob(**options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/tmp/8dc24840453a39b/antenv/lib/python3.11/site-packages/azure/storage/blob/_upload_helpers.py", line 195, in upload_block_blob
      process_storage_error(error)
    File "/tmp/8dc24840453a39b/antenv/lib/python3.11/site-packages/azure/storage/blob/_shared/response_handlers.py", line 184, in process_storage_error
      exec("raise error from None")   # pylint: disable=exec-used # nosec
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "<string>", line 1, in <module>
  azure.core.exceptions.HttpResponseError: This request is not authorized to perform this operation.
  RequestId:fb615f86-301e-0019-6a5d-57b7c2000000
  Time:2024-02-04T11:30:58.5870124Z
  ErrorCode:AuthorizationFailure
  Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
  RequestId:fb615f86-301e-0019-6a5d-57b7c2000000
  Time:2024-02-04T11:30:58.5870124Z</Message></Error>

Answer 1

Hi Yuji ,

The error "AuthorizationFailure" suggests an issue with the Azure Storage Blob authentication. Ensure your App Service has the necessary credentials and permissions to access the Blob Storage. Double-check the connection string or SAS token used for authentication in your Python script. Confirm that the App Service Identity or the connection details provided have the appropriate permissions (e.g., Storage Blob Data Contributor role) in the Azure portal. Additionally, verify if there are any network restrictions impacting the communication between the App Service and Blob Storage, especially considering the VNet and ExpressRoute setup. Addressing these aspects should resolve the authorization failure. Regards, Saravanan Ganesan.

Answer 2

Hello @YUJI FUJITA

The error message you’re seeing, azure.core.exceptions.HttpResponseError: This request is not authorized to perform this operation, is typically due to insufficient permissions

Here are some potential solutions: IAM Permissions: Ensure that the service principal used by your App service has the necessary permissions. Specifically, it should have the ‘Storage Blob Data Contributor’ role. You can add this role assignment in the IAM settings of your Azure Storage account.

Network Settings: If your storage account is protected by a firewall, you may need to adjust its network settings. You could add the outbound IP of the web app to the storage account’s whitelist or use a virtual network.

Please check these settings and try again. If the problem persists, you might want to look into more detailed logs. I hope this answers your question.

Answer 3

@YUJI FUJITA Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
Adding more information to the above response
The cause of the 403 error is due to the IP Authorization failure.  Can you whitelist the IP address  203.180.234.17  in their storage---> Networking --->  firewall section

Additional information: Refer to the suggestion mentioned in this Q&A thread, which provides some idea on your query

Check if the permissions are set correctly. Make sure that the account has the necessary permissions to perform the operation. You can check the permissions by going to the Azure portal and checking the access policies for the Blob Storage account.

Check if the credentials used to access the Blob Storage are correct. Make sure that the account name and account key or SAS token are correct. Regarding the issue with the text file generated by the App Service not being overwritten, it could be due to the overwrite parameter not being set to True. You can try setting the overwrite parameter to True when uploading the file to the Blob Storage. Here is an example:

blob_client.upload_blob(data, overwrite=True)

 Please let us know if you have any further queries. I’m happy to assist you further.     

---Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.