问题
I have a Service Fabric cluster hosting many legacy WCF services and I would like to connect an Azure App Service (running a website) to the fabric cluster's VNET, such that it can communicate with the WCF services in the cluster.
I connected my fabric cluster's VNET to an existing virtual network of our organization using VNET peering and I can connect to the WCF services from VMs within the existing virtual network.
However, when connecting from the app service, I got the following error:
Could not connect to net.tcp://10.0.0.250:8020/. The connection attempt lasted for a time span of 00:00:00. TCP error code 10013: An attempt was made to access a socket in a way forbidden by its access permissions 10.0.0.250:8020.
I have configured an internal load balancer and its working ok if I connect from within the virtual network. Does anyone know why it doesn't work for the web app?
回答1:
If you want to access the resources in a VNet from Azure App Service, you could enable networking for app service. Note that
VNet Integration gives your web app access to resources in your virtual network but doesn't grant inbound private access to your web app from the virtual network. Private site access refers to making your app only accessible from a private network such as from within an Azure virtual network. VNet Integration is only for making outbound calls from your app into your VNet.
There are two versions of VNet integration, you could use Regional VNet Integration if service fabric's virtual network in the same region as your web app.
来源:https://stackoverflow.com/questions/57825674/azure-web-app-accessing-service-fabrics-virtual-network