问题描述

我正在尝试从集成到vnet subnet = "default"的应用程序服务访问cosmos db.该子网已为Cosmos db启用了服务终结点，并且vnet + subnet的配置已添加到cosmos db门户中.

I am trying to access cosmos db from an app service which is integrated to a vnet, subnet = "default". This subnet has service endpoint enabled for Cosmos db, and the configuration of vnet+subnet has been added in the cosmos db portal.

与vnet关联的虚拟网络网关具有

The virtual network gateway associated with the vnet has

Address pool = 172.16.0.0/24, Tunnel type = SSL VPN(SSTP) [disabled IKEv2 VPN]

SKU = VpnGw1

我希望与vnet集成的应用程序服务访问已为vnet，子网启用了服务端点的cosmos数据库

I would like the app service which is integrated with the vnet to access the cosmos db which has service endpoint enabled for the vnet, subnet

推荐答案

Azure App Service中的应用程序托管在多租户系统中，因此无法直接在VNet中配置应用程序.此外，VNet集成功能始终用于安全访问虚拟网络中的资源.这并不意味着Web应用程序位于该VNet中，并且您不能通过VNet终结点部分将Web应用程序限制为对cosmos DB的访问.

Apps in Azure App Service are hosted in a multi-tenant system, which precludes provisioning an app directly in a VNet. Also, the VNet Integration feature is always used for securely accessing to resources in your virtual network. This does not mean the web app is located in that VNet, and you could not restrict the web app access to cosmos DB via the VNet endpoint section.

如果只允许从VNet访问，则可以使用应用服务环境.该Web应用程序将被部署到一个VNet中，您可以通过该VNet精细地控制入站和出站应用程序网络流量.然后，您可以将VNet添加到cosmos DB防火墙中.

If you want to allow access only from a VNet, you could create a web app service with App Service Environments. The web app will be deployed into a VNet that you have fine-grained control over inbound and outbound application network traffic. Then you can add the VNet to the cosmos DB firewall.

这篇关于系统中不存在具有指定ID的实体的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！