我如何设置我的Azure帐户以通过REST API进行ARM部署?
[英]How can I set up my Azure account in order to make ARM deployments via the REST API?
问题描述
I have an Azure accounts and I want to make deployment of ARM templates using the ASP.NET libraries. 
我有一个Azure帐户,我想使用ASP.NET库进行ARM模板的部署。 I've noticed that in the Azure Portal generated Deployment class (in the DeploymentHelper.cs file that I've downloaded from the Portal) I have the following fields that I need to provide my own data: 我注意到,在Azure Portal生成的Deployment类中(在我从Portal下载的DeploymentHelper.cs文件中),我需要提供以下字段以提供自己的数据:
string subscriptionId = "your-subscription-id";
string clientId = "your-service-principal-clientId";
string clientSecret = "your-service-principal-client-secret";
string resourceGroupName = "resource-group-name";
string deploymentName = "deployment-name";
string resourceGroupLocation = "resource-group-location";
string pathToTemplateFile = "path-to-template.json-on-disk";
string pathToParameterFile = "path-to-parameters.json-on-disk";
string tenantId = "tenant-id";
I'm having a hard time with these: 我在这些方面遇到了困难:
string clientId = "your-service-principal-clientId";
string clientSecret = "your-service-principal-client-secret";
I know that the subscriptionId I can get in the Subscriptions blade. 我知道可以在“ 订阅”刀片中获得的subscriptionId 。 I also know that the tenantId I can get in the Azure Active Directory > Properties blade under the Directory ID field. 我也知道可以在“ 目录ID”字段下的“ Azure Active Directory”>“属性”刀片中获得的tenantId 。
I have followed this documentation page in order to try and set up an App Registration on Azure Active Directory , which I've read is what I need to obtain the cliendId and clientSecret values. 我已遵循此文档页面 ,以尝试在Azure Active Directory上设置应用程序注册 ,我已阅读该文件 ,以获得cliendId和clientSecret值。 I think it's worth mentioning I have no experience whatsoever with Active Directory or Azure Active Directory . 我认为值得一提的是,我对Active Directory或Azure Active Directory毫无经验。
When following the docs my first issue is with this blade: 当遵循文档时,我的第一个问题是关于此刀片的:
I don't know what I should put in the " Sign-on URL " field. 我不知道应该在“ 登录URL ”字段中输入什么。 I've tried filling it with my personal website just because it's required (probably my first mistake). 我试图用我的个人网站填充它只是因为它是必需的(可能是我的第一个错误)。 Then with the Registered App I go in " Application ID " and use the value as clientId within my code. 然后,使用已注册的应用程序,进入“ 应用程序ID ”,并在代码中使用该值作为clientId 。
I then generate the key in the " Settings " blade and use it as the clientSecret within my code. 然后,我在“ 设置 ”刀片中生成密钥,并将其用作代码中的clientSecret 。
However when I run my code I get the following error: 但是,当我运行代码时,出现以下错误:
Exception thrown: 'Microsoft.Rest.Azure.CloudException' in System.Private.CoreLib.dll
An exception of type
'Microsoft.Rest.Azure.CloudException' occurred in System.Private.CoreLib.dll but was not handled in user code
Operation returned an invalid status code 'Forbidden'
I wouldn't want to do any fancy Azure AD set up in order to make deployments via Azure. 我不想进行任何精美的Azure AD设置以便通过Azure进行部署。 I'm trying this on my personal account, so it's not like a have an AD environment set up. 我正在用我的个人帐户尝试此操作,因此这与设置AD环境不同。
1 个解决方案
解决方案1
1 已采纳 2018-07-11 01:40:13
I don't know what I should put in the "Sign-on URL" field.
If you develop a WebApplication, you could Webapplication address it as sign-on url. 如果开发Web应用程序,则可以将Web应用程序作为登录URL进行寻址。 In your case your could add a vaild url address. 根据您的情况,您可以添加无效的网址。 And you could add your personal website. 您可以添加您的个人网站。
Operation returned an invalid status code 'Forbidden'
It means that you have no access to deploy the resource to the subscription. 这意味着您无权将资源部署到订阅。
You need to assgin role to the WebApplication. 您需要将角色提升到WebApplication。 For more information, refer to how to registry an Azure AD application and assigin role . 有关更多信息,请参考如何注册Azure AD应用程序和助理角色 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.