How does Azure PowerShell work with username/password-based auth?

I want to understand how Azure PowerShell makes Azure API calls using credentials with an AAD username / password.

I understand that an Azure API application requires a client identifier. This client ID must be registered with the user account.

Does Azure PowerShell have a client identifier? If so, how does it work without explicitly registering it using Azure accounts? Is this a special identifier that has been whitelisted through accounts?

+4
2 answers

Azure Active Directory Azure Powershell. Azure AD, Add-AzureAccount:

$username = "admin@your_account.onmicrosoft.com"
$password = "SuperSecretPassword" | ConvertTo-SecureString -AsPlainText -Force

$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password 
Add-AzureAccount -Credential $credential 

, ​​ Azure PowerShell, - ( Microsoft) Azure AD.

, Azure PowerShell ( "1950a258-227b-4e31-a9cf-717495945fc2" ). Azure Powershell PowerShell Azure AD, API Azure:

# Load Active Directory Authentication Library (ADAL) Assemblies
$adal = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
[System.Reflection.Assembly]::LoadFrom($adal)
[System.Reflection.Assembly]::LoadFrom($adalforms)

# Set Azure AD Tenant name
$adTenant = "yourtenant.onmicrosoft.com" 

# Set well-known client ID for Azure PowerShell
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2" 

# Set redirect URI for Azure PowerShell
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"

# Set Resource URI to Azure Service Management API
$resourceAppIdURI = "https://management.core.windows.net/"

# Set Authority to Azure AD Tenant
$authority = "https://login.windows.net/$adTenant"

# Set user credentials (*** obviously you wouldn't have the password in clear text in a production script ***)
$userName = "admin@your_tenant.onmicrosoft.com"
$password = "SecretPassword"
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $userName,$password

# Create AuthenticationContext tied to Azure AD Tenant
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

# Acquire token
$authResult = $authContext.AcquireToken($resourceAppIdURI,$clientId,$creds)
+3
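
To see the client ID the question asks about, decode the access token that the script above returns and read the application ID it was issued to. This is an added example, not code from the original answer: the function names are hypothetical, the sample token is constructed and unsigned, and the `appid`, `aud` and `upn` claim names assume an Azure AD v1 access token.

```powershell
# Decode the payload segment of a compact JWT.
# This only reads claims for inspection; it does NOT verify the signature.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)

    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) {
        throw "Not a compact JWT: expected 3 segments, got $($parts.Count)"
    }

    # base64url -> base64: swap the URL-safe alphabet and restore padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw "Invalid base64url length in payload segment" }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

# Helper used only to build the constructed sample token below
function ConvertTo-Base64Url {
    param([string]$Text)
    $b64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text))
    return $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Constructed sample (not a real token), using the values from the script above
$header  = ConvertTo-Base64Url '{"typ":"JWT","alg":"none"}'
$payload = ConvertTo-Base64Url '{"aud":"https://management.core.windows.net/","appid":"1950a258-227b-4e31-a9cf-717495945fc2","upn":"admin@your_tenant.onmicrosoft.com"}'
$sampleToken = "$header.$payload.constructed-signature"

# With a live result, pass $authResult.AccessToken instead of $sampleToken
$claims = ConvertFrom-JwtPayload -Token $sampleToken

$expectedClientId = "1950a258-227b-4e31-a9cf-717495945fc2"   # Azure PowerShell client ID from the answer
$expectedResource = "https://management.core.windows.net/"   # resource URI from the answer

[pscustomobject]@{
    AppId                   = $claims.appid
    Audience                = $claims.aud
    User                    = $claims.upn
    IssuedToAzurePowerShell = ($claims.appid -eq $expectedClientId)
    AudienceMatches         = ($claims.aud -eq $expectedResource)
}
```

The same `appid` value is what lets a reviewer tell which client application a given token was issued to when reading token contents during an investigation.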

, , Azure PowerShell.

, .

a) , , -, -api . , Azure AD.

b) - api.

c) web api knownClientIds, . , , - , SPN Web API, . . .

, , -API (, Azure powerShell). URI APP ( URI) , .

- ADAL API. API,

var uc = new UserCredential(userName, userPassword);
authresult = context.AcquireToken(webapiresourceid, nativeclientID, uc);

AADSTS65001: The user or administrator has not consented to use the application with ID '<app id guid>'. Send an interactive authorization request for this user and resource.

, , -API . , -.

, API, ( )

result = context.AcquireToken( webapiresourceid, nativeclientID, new Uri("nativeclientRedirectURI"), PromptBehavior.Auto, new UserIdentifier(userName, UserIdentifierType.RequiredDisplayableId));

. URI , Azure PowerShell .

0
