使用Powershell登录到azure帐户而不会弹出窗口 [英] login to azure account without popup using powershell
问题描述
我正在尝试使用powershell创建Azure VM.我也有创建它的脚本.
I'm trying to create Azure VM using powershell.I have also the script to create it.
首先,我需要登录Azure帐户:
First I need to login into Azure account :
Login-AzureRMAccount
这将显示一个弹出窗口以输入凭据.
This gives a pop-up to enter the credentials.
第二,我需要运行以下脚本:
Second I need to run the below script:
$UserName = "username"
$Password = ConvertTo-SecureString "password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($UserName, $Password)
New-AzureRmVm `
-ResourceGroupName "RG1" `
-Name "VM1" `
-ImageName "Image1" `
-Location "West US" `
-Credential $psCred
这将成功创建VM.
但是现在,需要时,我需要使这些脚本自动运行.我面临的问题是,登录步骤会弹出一个对话框,以输入我不需要的凭据.所以我已经尝试过类似的方法,但是没有用.
This is creating the VM successfully.
But now , I need to make these scripts run automatically, when ever there is requirement. The problem I'm facing is, the login step gives a popup to enter the credentials which I do not want. So I have tried something like this, but didn't work.
$username = "loginname@organization.com"
$SecurePassword = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $SecurePassword)
Login-AzureRmAccount -Credential $cred
它给出的错误消息是:
Login-AzureRmAccount : accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The underlying connection was closed: An unexpected error occurred on a send.
At line:4 char:1
+ Login-AzureRmAccount -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand
谁能告诉我这是什么意思,以及如何纠正它?谢谢!
Can anyone tell me what this means and how to rectify this? Thanks!
推荐答案
如果您打算使用PowerShell将任何服务自动化到Azure中,那么我建议您使用 Service Principal 而不是您的Azure连接Azure拥有自己的凭据,这将是一种安全的连接方式.
If you are planning to automate any services into Azure using PowerShell, then I'd recommend connecting azure using Service Principal rather than your own credentials, it will be a secure way to connect.
Azure服务主体是用户创建的安全身份应用程序,服务和自动化工具来访问特定的Azure资源.将其视为用户身份"(用户名和密码或证书)并具有严格的权限控制.与一般用户不同,它只需要能够做特定的事情身份.如果仅授予最低要求,它将提高安全性执行其管理任务所需的权限级别.
An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a 'user identity' (username and password or certificate) with a specific role, and tightly controlled permissions. It only needs to be able to do specific things, unlike a general user identity. It improves security if you only grant it the minimum permissions level needed to perform its management tasks.
按照我还已将示例 PowerShell工作流发布到Microsoft库中以进行创建服务负责人,您也可以照做.
I also have published a sample PowerShell workflow into Microsoft gallery for creating Service Principal you can also follow that.
一旦创建了服务主体,就可以使用下面的PowerShell命令登录到Azure,而不会出现任何弹出窗口
Once you created your service principal, you can use the below PowerShell commands to login into azure without any popup's
$applicationId = "<service prinicple application id>";
$securePassword = "<service prinicple password>" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $applicationId, $securePassword
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -TenantId "<your tenantid>"
Update1:
由于某些原因/错误,上述操作将失败.请参阅此 github问题
要解决这个问题
在脚本之前添加两行
Import-Module -Name AzureRM.Profile
Remove-AzureRmAccount
更新2:
AzureRM将不再接收新的cmdlet或功能.但是,AzureRM模块仍被正式维护,并将在2020年12月之前修复错误.
Update 2:
AzureRM will no longer receive new cmdlets or features. However, the AzureRM module is still officially maintained and will get bug fixes through December 2020.
您必须使用新的Azure PowerShell Az模块
You have to use the new Azure PowerShell Az module
这篇关于使用Powershell登录到azure帐户而不会弹出窗口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
