无法调用new-AzureRmADApplication时投TokenCloudCredentials到AccessTokenCredential [英] Unable to cast TokenCloudCredentials to AccessTokenCredential when calling New-AzureRmADApplication
问题描述
我正在写我的自动化资源的Azure的创建和伴随ServicePrincipal一个PowerShell部署脚本。
I'm writing a PowerShell deployment script which automates the creation of my Azure resources and an accompanying ServicePrincipal.
下面是code我用,我测试过,当从PowerShell将使用最新的Azure SDK 1.0.4模块直接运行如下:
Here is the code I'm using, which I've tested and works when run directly from PowerShell with the latest Azure 1.0.4 SDK module:
$ResourceGroupName = "my-resource-group"
$ADAppIdentifierUri = [string]::Concat("https://", $ResourceGroupName, ".azurewebsites.net")
# Generate a password for the AD application
$ServicePrincipalPassword = [Guid]::NewGuid().ToString().Replace("-", "")
# Create the Azure AD Application and service principal, and only assign access to our resource group
$AzureADApplication = New-AzureRmADApplication -DisplayName $ResourceGroupName -HomePage $ADAppIdentifierUri -IdentifierUris $ADAppIdentifierUri -Password $ServicePrincipalPassword
当我用我的资源组项目部署脚本在Visual Studio中运行该code,我得到以下错误:
When I run this code using my ResourceGroup project deployment script in Visual Studio, I get the following error:
新AzureRmADApplication:无法转换类型'Microsoft.Azure.TokenCloudCredentials对象键入'Microsoft.Azure.Common.Authentication.AccessTokenCredential
New-AzureRmADApplication : Unable to cast object of type 'Microsoft.Azure.TokenCloudCredentials' to type 'Microsoft.Azure.Common.Authentication.AccessTokenCredential'.
据堆栈跟踪异常是在命令新建-AzureRmADApplication开始提高,所以异常是在Azure SDK code内部发生的不幸。
According to the stack trace the exception was raised at the start of the command New-AzureRmADApplication, so the exception is happening internally in the Azure SDK code unfortunately.
我浏览过的SDK源$ C $ C在以下文件中,找不到任何见解:
I've browsed the source code of the SDK in the following files and could not find any insight:
<一个href=\"https://github.com/Azure/azure-powershell/blob/f803b991daa7eeeea1217238ab071c8d83de34be/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADApplicationCommand.cs\" rel=\"nofollow\">https://github.com/Azure/azure-powershell/blob/f803b991daa7eeeea1217238ab071c8d83de34be/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADApplicationCommand.cs
<一个href=\"https://github.com/Azure/azure-powershell/blob/956d0ca795acfce67d8f142bf059ab2b8ab2c67b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs\" rel=\"nofollow\">https://github.com/Azure/azure-powershell/blob/956d0ca795acfce67d8f142bf059ab2b8ab2c67b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs
<一个href=\"https://www.symbolsource.org/Public/Metadata/NuGet/Project/Microsoft.Azure.Graph.RBAC/1.6.0-$p$pview/Release/.NETFramework,Version%3Dv4.0/Microsoft.Azure.Graph.RBAC/Microsoft.Azure.Graph.RBAC/Generated/GraphRbacManagementClient.cs?ImageName=Microsoft.Azure.Graph.RBAC\" rel=\"nofollow\">https://www.symbolsource.org/Public/Metadata/NuGet/Project/Microsoft.Azure.Graph.RBAC/1.6.0-$p$pview/Release/.NETFramework,Version%3Dv4.0/Microsoft.Azure.Graph.RBAC/Microsoft.Azure.Graph.RBAC/Generated/GraphRbacManagementClient.cs?ImageName=Microsoft.Azure.Graph.RBAC
我只能找到是谁遇到这个同样的错误,在这里这个链接一个人:
<一href=\"https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/\" rel=\"nofollow\">https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/
I can only find one person who's encountered this same error at this link here: https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/
然而,该解决方案不会因为我不使用管理证书来验证道理给我,我也不会对manage.windowsazure.com网站上列出的任何管理证书。
However, the solution there does not make sense to me because I am not using a management certificate to authenticate, and I don't have any management certificates listed on the manage.windowsazure.com site.
推荐答案
这使用基于令牌认证时与AzureRMAD * cmdlet的是一个问题(即漏洞)。当您从VS脚本,VS使用你从VS登录必须避免提示输入身份验证令牌。要解决它,你要在外面跑它使用的凭据VS的。
This is an issue (i.e. bug) when using token based authentication with the AzureRMAD* cmdlets. When you run the script from VS, VS uses the token you have from the VS sign-in to avoid prompting for auth. To work around it, you have to run it outside of VS using credentials.
有一个内部工作项跟踪这一点,但如果你要监控进展情况,您可以在这里提交一个问题:的 https://github.com/Azure/azure-powershell/issues/
There is an internal work item tracking this but if you want to monitor progress you can file an issue here: https://github.com/Azure/azure-powershell/issues/
这篇关于无法调用new-AzureRmADApplication时投TokenCloudCredentials到AccessTokenCredential的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
