如何以编程方式枚举Azure订阅和租户? [英] How to enumerate Azure subscriptions and tenants programmatically?

问题描述

如何以编程方式枚举Azure订阅和租户?这与我以前的问题有关 Login-AzureRmAccount(及相关) .NET Azure SDK中的等效项.

How to enumerate Azure subscriptions and tenants programmatically? This is related to my previous question Login-AzureRmAccount (and related) equivalent(s) in .NET Azure SDK.

基本上，我尝试在桌面或控制台应用程序中复制Login-AzureRmAccount和Get-AzureRmSubscription的行为.到目前为止，我已经发现 MSAL 似乎总是需要客户端ID和租户ID，因此需要从其他库中获取这些资源.之后，我想开始使用最新的库以编程方式创建服务主体，但是我认为这是一个需要进一步研究的主题(如有需要，还可以提供问题).

Basically I try to replicate the behavior of Login-AzureRmAccount and Get-AzureRmSubscription in desktop or a console application. Thus far I've figured out MSAL seems to always require client ID and tenant ID, so there needs to be some other library to acquire those from. After this I would like to go about creating a service principal programmatically using the most current library, but I suppose that is a subject for further investigation (and questions if needed).

推荐答案

实际上，Login-AzureRmAccount和Get-AzureRmSubscription使用 Microsoft Azure PowerShell 应用程序通过资源管理器REST API .

Actually, the Login-AzureRmAccount and Get-AzureRmSubscription use the Microsoft Azure PowerShell app to operate the Azure resource through Resource Manager REST APIs.

要使用REST模拟与PowersShell命令相同的操作，我们也可以使用此应用程序.但是，由于此应用程序是在Azure门户(而非v2.0应用程序)上注册的，因此我们无法使用此应用程序通过MSAL获取令牌.我们需要使用 Adal 而不是MSAL.

To simulate the same operations using REST as PowersShell commands, we can also use this app. However since this app is register on Azure portal(not the v2.0 app) so we are not able to acquire the token using this app via MSAL. We need to use Adal instead of MSAL.

这是一个代码示例，用于通过 Microsoft.WindowsAzure使用管理员帐户列出订阅.Management 使用此应用程序供您参考:

Here is a code sample to list the subscriptions using admin account via Microsoft.WindowsAzure.Management using this app for your reference:

public static void ListSubscriptions()
{
     string authority = "https://login.microsoftonline.com/common";
     string resource = "https://management.core.windows.net/";
     string clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
    Uri redirectUri = new Uri("urn:ietf:wg:oauth:2.0:oob");
    AuthenticationContext authContext = new AuthenticationContext(authority);
    var access_token = authContext.AcquireTokenAsync(resource, clientId, redirectUri, new PlatformParameters (PromptBehavior.Auto)).Result.AccessToken;

    var tokenCred = new Microsoft.Azure.TokenCloudCredentials(access_token);
    var subscriptionClient = new SubscriptionClient(tokenCred);
    foreach (var subscription in subscriptionClient.Subscriptions.List())
    {
        Console.WriteLine(subscription.SubscriptionName);
    }
}

更新:

string resource = "https://management.core.windows.net/";
string clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
string userName = "";
string password = "";

HttpClient client = new HttpClient();
string tokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
var body = $"resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}";
var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");

var result = client.PostAsync(tokenEndpoint, stringContent).ContinueWith<string>((response) =>
{
    return response.Result.Content.ReadAsStringAsync().Result;
}).Result;

JObject jobject = JObject.Parse(result);
var token = jobject["access_token"].Value<string>();

client.DefaultRequestHeaders.Add("Authorization", $"bearer {token}");
var subcriptions = client.GetStringAsync("https://management.azure.com/subscriptions?api-version=2014-04-01-preview").Result;

Console.WriteLine(subcriptions);

这篇关于如何以编程方式枚举Azure订阅和租户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！