Tutorial: Deploy a web application connected to Azure Blob Storage with Service Connector
In this tutorial, you learn how to access Azure Blob Storage for a web app (not a signed-in user) running on Azure App Service by using managed identities. In this tutorial, you'll use the Azure CLI to complete the following tasks:
- Set up your initial environment with the Azure CLI
- Create a storage account and an Azure Blob Storage container.
- Deploy code to Azure App Service and connect to storage with managed identity using Service Connector
Prerequisites
- An Azure account with an active subscription. Create an account for free.
Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Set up your initial environment
Check that your Azure CLI version is 2.30.0 or higher:
az --version
If you need to upgrade, run the
az upgrade
command (requires version 2.11+).Sign in to Azure using the CLI:
az login
This command opens a browser to gather your credentials. When the command finishes, it shows a JSON output containing information about your subscriptions.
Once signed in, you can run Azure commands with the Azure CLI to work with resources in your subscription.
Clone or download the sample app
Clone the sample repository:
git clone https://github.com/Azure-Samples/serviceconnector-webapp-storageblob-dotnet.git
Go to the repository's root folder:
cd serviceconnector-webapp-storageblob-dotnet
Create the App Service app
In the terminal, make sure you're in the WebAppStorageMISample repository folder that contains the app code.
Create an App Service app (the host process) with the
az webapp up
command below and replace the placeholders with your own data:- For the
--location
argument, use a region supported by Service Connector. - Replace
<app-name>
with a unique name across Azure. The server endpoint ishttps://<app-name>.azurewebsites.net
. Allowed characters for<app-name>
areA
-Z
,0
-9
, and-
. A good pattern is to use a combination of your company name and an app identifier.
az webapp up --name <app-name> --sku B1 --location eastus --resource-group ServiceConnector-tutorial-rg
- For the
Create a storage account and a Blob Storage container
In the terminal, run the following command to create a general purpose v2 storage account and a Blob Storage container.
az storage account create --name <storage-name> --resource-group ServiceConnector-tutorial-rg --sku Standard_RAGRS --https-only
Replace <storage-name>
with a unique name. The name of the container must be in lowercase, start with a letter or a number, and can include only letters, numbers, and the dash (-) character.
Connect an App Service app to a Blob Storage container with a managed identity
In the terminal, run the following command to connect your web app to a blob storage using a managed identity.
az webapp connection create storage-blob -g ServiceConnector-tutorial-rg -n <app-name> --tg ServiceConnector-tutorial-rg --account <storage-name> --system-identity
Replace the following placeholders with your own data:
- Replace
<app-name>
with the web app name you used in step 3. - Replace
<storage-name>
with the storage app name you used in step 4.
Note
If you see the error message "The subscription is not registered to use Microsoft.ServiceLinker", run az provider register -n Microsoft.ServiceLinker
to register the Service Connector resource provider and run the connection command again.
Run sample code
In the terminal, run the following command to open the sample application in your browser. Replace <app-name>
with the web app name you used earlier.
az webapp browse --name <app-name>
The sample code is a web application. Each time you refresh the index page, the application creates or updates a blob with the text Hello Service Connector! Current is {UTC Time Now}
to the storage container and reads back to show it in the index page.
Next step
To learn more about Service Connector, read the guide below.