Hi Mao Uyen Tram - Thanks for reaching out.
Is your App Service and storage account hosted in same region? If yes, then I would suggest you to add your App Service to a VNET and then try whitelisting the VNET on the storage account layer.
This is because when both the services are in same region, the connection would happen via internal backbone (mainly private IP') so even if you whitelist the IP's the actual IP hitting the storage would be different, hence the failure.
Please let me know if this helpful or if you any further queries, will be glad to assist.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.