[英]login to azure account without popup using powershell
I'm trying to create Azure VM using powershell.I have also the script to create it.我正在尝试使用 powershell 创建 Azure VM。我也有创建它的脚本。
First I need to login into Azure account :首先,我需要登录 Azure 帐户:
Login-AzureRMAccount
This gives a pop-up to enter the credentials.这会弹出一个输入凭据的窗口。
Second I need to run the below script:其次,我需要运行以下脚本:
$UserName = "username"
$Password = ConvertTo-SecureString "password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($UserName, $Password)
New-AzureRmVm `
-ResourceGroupName "RG1" `
-Name "VM1" `
-ImageName "Image1" `
-Location "West US" `
-Credential $psCred
This is creating the VM successfully.这是成功创建VM。
But now , I need to make these scripts run automatically, when ever there is requirement.但是现在,我需要让这些脚本在需要时自动运行。 The problem I'm facing is, the login step gives a popup to enter the credentials which I do not want.
我面临的问题是,登录步骤会弹出一个窗口来输入我不想要的凭据。 So I have tried something like this, but didn't work.
所以我尝试过这样的事情,但没有奏效。
$username = "loginname@organization.com"
$SecurePassword = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $SecurePassword)
Login-AzureRmAccount -Credential $cred
The error message it is giving is :它给出的错误消息是:
Login-AzureRmAccount : accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The underlying connection was closed: An unexpected error occurred on a send.
At line:4 char:1
+ Login-AzureRmAccount -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand
Can anyone tell me what this means and how to rectify this?谁能告诉我这是什么意思以及如何纠正? Thanks!
谢谢!
If you are planning to automate any services into Azure using PowerShell, then I'd recommend connecting azure using Service Principal rather than your own credentials , it will be a secure way to connect.如果您打算使用 PowerShell 将任何服务自动化到 Azure 中,那么我建议您使用Service Principal而不是您自己的凭据来连接 azure,这将是一种安全的连接方式。
An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources.
Azure 服务主体是用户创建的应用、服务和自动化工具用来访问特定 Azure 资源的安全标识。 Think of it as a 'user identity' (username and password or certificate) with a specific role, and tightly controlled permissions.
将其视为具有特定角色和严格控制权限的“用户身份”(用户名和密码或证书)。 It only needs to be able to do specific things, unlike a general user identity.
它只需要能够做特定的事情,不像一般的用户身份。 It improves security if you only grant it the minimum permissions level needed to perform its management tasks.
如果您只授予它执行其管理任务所需的最低权限级别,它会提高安全性。
Follow this tutorial to create a service principal按照本教程创建服务主体
I also have published a sample PowerShell workflow into Microsoft gallery for creating Service Principal you can also follow that.我还在Microsoft 库中发布了一个示例PowerShell 工作流程,用于创建服务主体,您也可以遵循该流程。
Once you created your service principal, you can use the below PowerShell commands to login into azure without any popup's创建服务主体后,您可以使用以下 PowerShell 命令登录 azure,而不会出现任何弹出窗口
$applicationId = "<service prinicple application id>";
$securePassword = "<service prinicple password>" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $applicationId, $securePassword
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -TenantId "<your tenantid>"
For some reason/bug the above will get fails.由于某种原因/错误,上述内容将失败。 Refer this github issue
参考这个github问题
To solve this为了解决这个
Add the two lines before the script在脚本前添加两行
Import-Module -Name AzureRM.Profile
Remove-AzureRmAccount
AzureRM will no longer receive new cmdlets or features. AzureRM 将不再接收新的 cmdlet 或功能。 However, the AzureRM module is still officially maintained and will get bug fixes through December 2020.
但是,AzureRM 模块仍处于官方维护状态,并将在 2020 年 12 月之前修复错误。
You have to use the new Azure PowerShell Az module您必须使用新的 Azure PowerShell Az 模块
Basically you can achieve this for all of your PowerShell sessions by adding the Logging in part as part of the $PSProfile.基本上,您可以通过将 Logging 部分添加为 $PSProfile 的一部分来为所有 PowerShell 会话实现此目的。 I use this trick to skip the login popup, so whenever i open powershell my account is automatically logged in.
我使用这个技巧跳过登录弹出窗口,所以每当我打开 powershell 时,我的帐户都会自动登录。
A notepad file will be opened and here you can paste the below code to log in automatically whenever it is opened.将打开一个记事本文件,您可以在此处粘贴以下代码以在打开时自动登录。
$username = “” $password = “” $securepasswd = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential ($username, $ securepasswd) Connect-AzureRmAccount -Credential $cred
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.