Tutorial: Deploy a web application connected to Azure Blob Storage with Service Connector
Learn how to access Azure Blob Storage for a web app (not a signed-in user) running on Azure App Service by using managed identities. In this tutorial, you'll use the Azure CLI to complete the following tasks:
- Set up your initial environment with the Azure CLI
- Create a storage account and an Azure Blob Storage container.
- Deploy code to Azure App Service and connect to storage with managed identity using Service Connector
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- The Azure CLI 2.30.0 or higher. You'll use it to run commands in any shell to provision and configure Azure resources.
Set up your initial environment
Check that your Azure CLI version is 2.30.0 or higher:
az --versionIf you need to upgrade, try the
az upgradecommand (requires version 2.11+) or see Install the Azure CLI.Sign in to Azure using the CLI:
az loginThis command opens a browser to gather your credentials. When the command finishes, it shows a JSON output containing information about your subscriptions.
Once signed in, you can run Azure commands with the Azure CLI to work with resources in your subscription.
Clone or download the sample app
Clone the sample repository:
git clone https://github.com/Azure-Samples/serviceconnector-webapp-storageblob-dotnet.gitGo to the repository's root folder:
cd serviceconnector-webapp-storageblob-dotnet
Create the App Service app
In the terminal, make sure you're in the WebAppStorageMISample repository folder that contains the app code.
Create an App Service app (the host process) with the
az webapp upcommand below.az webapp up --name <app-name> --sku B1 --location eastus --resource-group ServiceConnector-tutorial-rgReplace the following placeholder texts with your own data:
- For the
--locationargument, make sure to use a region supported by Service Connector. - Replace
<app-name>with a unique name across all Azure (the server endpoint ishttps://<app-name>.azurewebsites.net). Allowed characters for<app-name>areA-Z,0-9, and-. A good pattern is to use a combination of your company name and an app identifier.
- For the
Create a storage account and a Blob Storage container
In the terminal, run the following command to create a general purpose v2 storage account and a Blob Storage container.
az storage account create --name <storage-name> --resource-group ServiceConnector-tutorial-rg --sku Standard_RAGRS --https-only
Replace <storage-name> with a unique name. The name of the container must be in lowercase, start with a letter or a number, and can include only letters, numbers, and the dash (-) character.
Connect an App Service app to a Blob Storage container with a managed identity
In the terminal, run the following command to connect your web app to blob storage with a managed identity.
az webapp connection create storage-blob -g ServiceConnector-tutorial-rg -n <app-name> --tg ServiceConnector-tutorial-rg --account <storage-name> --system-identity
Replace the following placeholder texts with your own data:
- Replace
<app-name>with your web app name you used in step 3. - Replace
<storage-name>with your storage app name you used in step 4.
Note
If you see the error message "The subscription is not registered to use Microsoft.ServiceLinker", please run az provider register -n Microsoft.ServiceLinker to register the Service Connector resource provider and run the connection command again.
Run sample code
In the terminal, run the following command to open the sample application in your browser. Replace <app-name> with the web app name you used earlier.
az webapp browse --name <app-name>
The sample code is a web application. Each time you refresh the index page, the application creates or updates a blob with the text Hello Service Connector! Current is {UTC Time Now} to the storage container and reads back to show it in the index page.
Next steps
Follow the tutorials listed below to learn more about Service Connector.
Feedback
Submit and view feedback for