2

We have multiple backend APIs hosted on Azure web app under same plan. All APIs have same outbound ips, and all these APIs enabled access restriction, these APIs only accessible within the api gateway. We have blob storage, we have also enable restriction on it (Networking --> Enabled from selected virtual networks and IP addresses --> Firewall, added all APIs ips on it), Now when APIs going to fetch some image from blob it throw following error,

Azure.RequestFailedException: This request is not authorized to perform this operation.
RequestId:0bc5827d-c01e-0030-382f-929e61000000
Status: 403 (This request is not authorized to perform this operation.)
ErrorCode: AuthorizationFailure
Content:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:0bc5827d-c01e-0030-382f-929e61000000
Time:2023-05-29T13:11:56.0013545Z</Message></Error>

Point to be noted that both APIs and blob are not using vNet, and both are on same resource group and using the same Identity but when we remove network restriction on storage account (Enabled from all networks) it works fine

Saad Awan
  • 566
  • 2
  • 9
  • 23
  • 2
    Its very tough to answer the question, without minumum reproducible code. But you can check, if the Blobs are Private? Then you need to pass SAS token or SharedKey to get the Blob Information. – Ajay Managaon May 31 '23 at 06:14
  • Is it the same question posted here - https://stackoverflow.com/questions/76370411/blob-storage-403-unauthorized? – kosist May 31 '23 at 06:42
  • have you checked the CORS configuration on the blob? – thanzeel May 31 '23 at 06:48
  • yes checked, cors have no value selected, when i remove restriction on storage, apis conected blob smothly, but when enable restriction on blob it gives error – Saad Awan May 31 '23 at 09:42
  • I have given the outbound ips of APIs in blob storage, and both are deployed on same region, i think apis communicate to blob storage with private ips thats why apis not able to communicate with blob. is this the region? – Saad Awan May 31 '23 at 12:37

0 Answers0