Azure自动化:身份验证成功但未返回任何订阅，但可在本地Powershell中工作 [英] Azure automation: Authentication succeeds but no subscriptions are returned, works in local powershell though

问题描述

创建天蓝色的自动化运行手册时出现问题，该手册将按需复制数据库；我创建了一个凭证并存储了用于登录门户网站的帐户的u/p.密码已写在记事本中并粘贴以确保正确.

Having a problem with creating an azure automation runbook that will copy a database on demand; I've created a credential and stored the u/p of the account I use to log into the portal in it. Password was written in notepad and pasted in to ensure correct.

$Cred = Get-AutomationPSCredential -Name 'automationCredential'

Write-Output "UN: $($Cred.Username)"
Write-Output "PW: $($Cred.Password.Length)"

Add-AzureRmAccount -Credential $Cred

Write-Output "Deleting the old $TargetDatabaseName"

Remove-AzureRMSqlDatabase -ResourceGroupName "Default-SQL-NorthEurope" -ServerName $SourceServerName -DatabaseName $TargetDatabaseName -Force

Write-Output "Creating new $TargetDatabaseName with data at time $PointInTime"

New-AzureRmSqlDatabaseCopy `
    -CopyDatabaseName $TargetDatabaseName `
    -DatabaseName $SourceDatabaseName `
    -ResourceGroupName "Default-SQL-NorthEurope" `
    -ServerName $SourceServerName

调试打印似乎表明凭据是正确的，但是当执行add-azurermaccount时，它似乎可以登录但没有返回订阅

The debug prints seem to indicate the credentials are correct, but when the add-azurermaccount is carried out, it seems to log in but no subscriptions are returned

调用删除旧测试数据库后不久失败，并显示以下信息:

Soon after the call to remove the old test db fails with:

Remove-AzureRMSqlDatabase:在上下文中找不到预订.请确保您提供的凭据是 授权访问Azure订阅，然后运行Login-AzureRMAccount进行登录.

Remove-AzureRMSqlDatabase : No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Login-AzureRMAccount to login.

如果我在命令行Powershell中执行操作(唯一的区别是我叫不带参数的登录；它提示输入凭据)，那么一切就很好了

If I do the actions in the command line powershell (the only difference being I call login without parameters; it prompts for creds) then things work out just fine

我发现了一些资源，这些资源表明信用凭证是否正确，可以进行身份​​验证但不返回任何订阅-我对信用凭证进行了仔细检查，它们是准确的

I found some resources that indicate if the creds are wrong, it authenticates but returns no subscriptions - i've double checked the creds tho and they're accurate

推荐答案

在Azure中，Microsoft帐户不不支持非交互式登录.
如果要使用脚本在Runbook中登录Azure，我们可以创建服务主体来登录Azure.

In Azure, Microsoft account does not support non-interactive login.
If you want to use script to login Azure in runbook, we can create a service principal to login Azure.

我们可以使用Powershell创建Azure服务主体，有关服务主体的更多信息，请参考此链接.

We can use powershell to create Azure service principal, more information about service principal, please refer to this link.

我们可以使用服务主体登录Azure Powershell，如下所示:

We can use service principal to login Azure powershell, like this:

$subscriptionId="5384xxxx-xxxx-xxxx-xxxx-xxxxe29axxxx"
$tenantid="1fcf418e-66ed-4c99-9449-d8e18bf8737a"
$appid="1498b171-e1ca-451f-9d7a-8ef56a178b89" 
$password="7db814b1-xxxx-4654-xxxx-1d210cb546f9"
$userPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientid, $userPassword
Add-AzureRmAccount -TenantId $tenantid -ServicePrincipal -SubscriptionId $subscriptionId -Credential $userCredential 

关于创建服务主体，我们可以使用CLI 2.0来创建它，如下所示:

About create service principal, we can use CLI 2.0 to create it, like this:

az login

az account set --subscription "mySubscriptionID"

az group create -n "myResourceGroupName" -l "westus"

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/mySubscriptionID/resourceGroups/myResourceGroupName"

这篇关于Azure自动化:身份验证成功但未返回任何订阅，但可在本地Powershell中工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！