unauthorized webapp vnet integrated and container registry with private endpoint
Hello guys,
This is a duplicate post with the same ID. For some reason, the original question I posted seems to have a bug that prevents me from viewing it.
I have a Linux-based web app with VNet integration enabled, configured with an IP address space and a /29 subnet for the IP range. Additionally, I have an Azure Container Registry (ACR) with private access enabled and a private endpoint established within a dedicated VNet also using /29 subnet. The web app is also configured to use a system-assigned identity, which has been granted the AcrPull permission to the ACR IAM.
The challenge arises when I try to connect to the ACR from the web app's Kudu Bash using the command:
curl -v https://nonprodacr.azurecr.io/v2/
The response shows that the ACR endpoint is resolvable, but further down, it indicates an 'unauthorized' error. I suspect this might be related to IDMS (Identity Management Service) access. However, to my understanding, the default IDMS server should automatically be accessible within Azure infrastructure. I haven’t encountered this issue before with other web apps that have VNet integration enabled.
To provide a clearer picture of the services, I am sharing some of the configurations and test results I performed. Any guidance or advice on resolving this issue would be greatly appreciated.
kudu bash result:
WebApp networking configuration:
IP restriction: enabled with specified IPs for internal access
VNet integration: below screenshot
NSGs configuration: screenshot