Tutorial: Deploy a web application connected to Azure Blob Storage with Service Connector

Learn how to access Azure Blob Storage for a web app (not a signed-in user) running on Azure App Service by using managed identities. In this tutorial, you'll use the Azure CLI to complete the following tasks:

• Set up your initial environment with the Azure CLI
• Create a storage account and an Azure Blob Storage container.
• Deploy code to Azure App Service and connect to storage with managed identity using Service Connector

Prerequisites

• An Azure account with an active subscription. Create an account for free.

• Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.

  

• If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.

  • If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.

  • When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.

  • Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

Set up your initial environment

1. Check that your Azure CLI version is 2.30.0 or higher:

   az --version
   

   If you need to upgrade, run the az upgrade command (requires version 2.11+).

2. Sign in to Azure using the CLI:

   az login
   

   This command opens a browser to gather your credentials. When the command finishes, it shows a JSON output containing information about your subscriptions.

   Once signed in, you can run Azure commands with the Azure CLI to work with resources in your subscription.

Clone or download the sample app

1. Clone the sample repository:

   git clone https://github.com/Azure-Samples/serviceconnector-webapp-storageblob-dotnet.git
   

2. Go to the repository's root folder:

   cd serviceconnector-webapp-storageblob-dotnet
   

Create the App Service app

1. In the terminal, make sure you're in the WebAppStorageMISample repository folder that contains the app code.

2. Create an App Service app (the host process) with the az webapp up command below and replace the placeholders with your own data:

   • For the --location argument, use a region supported by Service Connector.
   • Replace <app-name> with a unique name across Azure. The server endpoint is https://<app-name>.azurewebsites.net. Allowed characters for <app-name> are A-Z, 0-9, and -. A good pattern is to use a combination of your company name and an app identifier.

    az webapp up --name <app-name> --sku B1 --location eastus --resource-group ServiceConnector-tutorial-rg
   

Create a storage account and a Blob Storage container

In the terminal, run the following command to create a general purpose v2 storage account and a Blob Storage container.

az storage account create --name <storage-name> --resource-group ServiceConnector-tutorial-rg --sku Standard_RAGRS --https-only

Replace <storage-name> with a unique name. The name of the container must be in lowercase, start with a letter or a number, and can include only letters, numbers, and the dash (-) character.

Connect an App Service app to a Blob Storage container with a managed identity

In the terminal, run the following command to connect your web app to a blob storage using a managed identity.

az webapp connection create storage-blob -g ServiceConnector-tutorial-rg -n <app-name> --tg ServiceConnector-tutorial-rg --account <storage-name> --system-identity

Replace the following placeholders with your own data:

• Replace <app-name> with the web app name you used in step 3.
• Replace <storage-name> with the storage app name you used in step 4.

Note

If you see the error message "The subscription is not registered to use Microsoft.ServiceLinker", run az provider register -n Microsoft.ServiceLinker to register the Service Connector resource provider and run the connection command again.

Run sample code

In the terminal, run the following command to open the sample application in your browser. Replace <app-name> with the web app name you used earlier.

az webapp browse --name <app-name> 

The sample code is a web application. Each time you refresh the index page, the application creates or updates a blob with the text Hello Service Connector! Current is {UTC Time Now} to the storage container and reads back to show it in the index page.

Next steps

To learn more about Service Connector, read the guide below.

Service Connector concepts