使用powershell登录azure帐户而不弹出

Question

I'm trying to create Azure VM using powershell.I have also the script to create it.

First I need to login into Azure account :

Login-AzureRMAccount

This gives a pop-up to enter the credentials.

Second I need to run the below script:

$UserName = "username"
$Password = ConvertTo-SecureString "password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($UserName, $Password)    
New-AzureRmVm `
    -ResourceGroupName "RG1" `
    -Name "VM1" `
    -ImageName "Image1" `
    -Location "West US" `
    -Credential $psCred

This is creating the VM successfully.
But now , I need to make these scripts run automatically, when ever there is requirement. The problem I'm facing is, the login step gives a popup to enter the credentials which I do not want. So I have tried something like this, but didn't work.

$username = "loginname@organization.com"
$SecurePassword = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $SecurePassword)
Login-AzureRmAccount -Credential $cred 

The error message it is giving is :

Login-AzureRmAccount : accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The underlying connection was closed: An unexpected error occurred on a send.
At line:4 char:1
+ Login-AzureRmAccount -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Connect-AzureRmAccount], AadAuthenticationFailedException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand

Can anyone tell me what this means and how to rectify this? Thanks!

Answer 1

If you are planning to automate any services into Azure using PowerShell, then I'd recommend connecting azure using Service Principal rather than your own credentials , it will be a secure way to connect.

What is Service principal?

An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a 'user identity' (username and password or certificate) with a specific role, and tightly controlled permissions. It only needs to be able to do specific things, unlike a general user identity. It improves security if you only grant it the minimum permissions level needed to perform its management tasks.

Follow this tutorial to create a service principal

I also have published a sample PowerShell workflow into Microsoft gallery for creating Service Principal you can also follow that.

Once you created your service principal, you can use the below PowerShell commands to login into azure without any popup's

$applicationId = "<service prinicple application id>";
$securePassword = "<service prinicple password>" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $applicationId, $securePassword
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -TenantId "<your tenantid>"

Update1:

For some reason/bug the above will get fails. Refer this github issue

To solve this

Add the two lines before the script

Import-Module -Name AzureRM.Profile
Remove-AzureRmAccount

---

Update 2:

AzureRM will no longer receive new cmdlets or features. However, the AzureRM module is still officially maintained and will get bug fixes through December 2020.

You have to use the new Azure PowerShell Az module

Answer 2

Basically you can achieve this for all of your PowerShell sessions by adding the Logging in part as part of the $PSProfile. I use this trick to skip the login popup, so whenever i open powershell my account is automatically logged in.

• Open Windows PowerShell as an administrator
• Type Notepad $profile

• A notepad file will be opened and here you can paste the below code to log in automatically whenever it is opened.

   $username = “” $password = “” $securepasswd = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential ($username, $ securepasswd) Connect-AzureRmAccount -Credential $cred