Azure App Service HTTP requests to Azure VNet IP Addresses fail after upgrading to .NET 5.0
(I reported this issue at https://github.com/dotnet/runtime/issues/44686, but they currently think it might be an issue on the Azure side, and asked me to open a bug report here.)
I have a Windows Azure App Service hosting an ASP.NET Core MVC application that makes HTTP requests to a Linux VM via an Azure VNet IP address. When I target netcoreapp3.1, the requests succeed. When I target net5.0, I get the following exception:
System.Net.Http.HttpRequestException: An attempt was made to access a socket in a way forbidden by its access permissions. (10.1.0.4:80)
---> System.Net.Sockets.SocketException (10013): An attempt was made to access a socket in a way forbidden by its access permissions.
The app that reproduces the issue is here: https://github.com/jonsagara/AppServiceVNetCalls/tree/net5
branch "net31": This demonstrates that HttpClient GET requests to an Azure VNet IP address succeed. It also demonstrates that requests to a non-Azure VNet IP address succeed. See: https://appservicevnettest31.azurewebsites.net/
branch "net5": This demonstrates that HttpClient GET requests to an Azure VNet IP address fail. It also demonstrates that requests to a non-Azure VNet IP address succeed. See: https://appservicevnettest50.azurewebsites.net/
The above App Services have the following architecture:
- An Azure App Service hosting the ASP.NET applications. It's an S1 App Service Plan hosted in US West. They are Windows plans.
- An Azure Virtual Machine running Ubuntu Server 20.04 LTS on a Gen2 Standard B1s VM. I installed nginx solely to respond on port 80.
- The VM is connected to the App Service via an Azure VNet. As I am not a systems engineer, setting this up was laborious, and I'm not sure I could properly document it. However, it did require setting up an Azure Gateway VPN to connect the App Service to the VM.
Please let me know if I can provide more information.
Julien J commented
We also face a similar issue after upgrading to .NET 5 in an Azure Web App connecting to some internal APIs through Azure Hybrid Connections.
I had the same issue. I've spent some time trying to troubleshoot with Microsoft support and on my own.
My issue was happening from a Windows (IIS) environment.
I deployed the same app in an App Service (Linux) using the same VNet and the issue was not happening there.
I've moved my app from Windows (IIS) to Linux (same app service name). The issue persisted.
I tried to create another VNet and the issue was still happening.
I tried to redeploy the entire environment (Elasticsearch, network (with another subnet and IP) and the dotnet 5 app), and the issue was still happening.
I removed the VNet for a couple of hours; after adding the VNet again, the issue was no longer happening.
It's really hard to say what fixed it. I really don't know how the VNet lifecycle works in the Azure environment, but it seems that removing the VNet and adding it again after many hours has fixed the issue (as silly as it seems).
Same for me. Has there been any movement on this?
Same issue here as well, which is blocking our .NET upgrade effort.
Thorbjørn Nielsen commented
We got the same error.
Same issue for us. Any ETA for fixing it?