@Rishi Verma • Thank you for reaching out.
Unfortunately, if the Web App can only be accessed via routing the request through VNet, you will not be able to call that web app/API via B2C. I assume that the B2C custom policy will make a REST call to the Web App via RESTful technical profile, in case of which the request is directly made via the internet and the API must be publicly accessible. You will have to secure the API by implementing authentication for API. You can then acquire the token via RESTful TP as mentioned in this XML snippet and pass that token in the authorization header to call the API.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.