Azure服务身份验证扩展默认租户/订阅 [英] Azure Services Authentication Extension default tenant / subscription

问题描述

我正在使用带有 Azure服务身份验证扩展已安装.我必须在目标订阅中使用的身份可以访问多个租户以及这些租户中的订阅.

I'm doing local azure function development for an MSI-enabled application using Visual Studio 2017 v15.6.2 with the Azure Services Authentication Extension installed. The identity I have to work with in the target subscription has access to multiple tenants and subscriptions within those tenants.

在安装外接程序之前，我可以使用Azure CLI使用az account set -subscripton TARGET-SUB-NAME设置默认订阅/租户. az account show确认我选择了正确的订阅，并且一切正常.

Before I installed the add-in I was able to use the Azure CLI to set the default subscription/tenant using az account set -subscripton TARGET-SUB-NAME. az account show confirmed that I had selected the correct subscription and everything worked well.

自安装VS扩展以来，我无法再访问目标订阅中的资源，因为该扩展无法选择默认的租户/订阅组合. CLI仍然显示目标订阅，但是GetAccessTokenAsync("https://management.azure.com/");调用生成的JWT显示使用身份的默认订阅(令牌中的tid)请求令牌.

Since installing the VS extension I can no longer access the resources in the target subscription because the extension has no way to select the default tenant/subscription combo. The CLI still shows the target subscription, but JWTs that are generated by GetAccessTokenAsync("https://management.azure.com/"); calls show that the tokens are being requested with the identity's default subscription (tid in the token).

是否可以为扩展程序设置默认订阅，或者以其他方式绕过此阻止程序?

Is there a way to set the default subscription for the extension or otherwise get around this blocker?

推荐答案

通过遵循此页面上的说明.

具体地说，我在环境变量AzureServicesAuthConnectionString中使用了连接字符串RunAs=Developer; DeveloperTool=AzureCli，并且能够将控制权返回给CLI.

Specifically, I used the connection string RunAs=Developer; DeveloperTool=AzureCli in the environmental variable AzureServicesAuthConnectionString and was able to return control to the CLI.

这篇关于Azure服务身份验证扩展默认租户/订阅的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！