PowerShell: Creating a service principal with a certificate for authentication in Azure PowerShell 1.0


```powershell
# Login to Azure PowerShell
Login-AzureRmAccount

# Create the self-signed cert (writing to Cert:\LocalMachine\My requires an elevated session)
$currentDate = Get-Date
$endDate = $currentDate.AddYears(1)
# The certificate stays valid one year longer than the key credential registered below
$notAfter = $endDate.AddYears(1)
# Sample password protecting the exported PFX; replace it and do not keep it in the script.
# Named $pfxPassword because $pwd is a PowerShell automatic variable (the current location).
$pfxPassword = ConvertTo-SecureString -String "P@ssW0rd1" -Force -AsPlainText
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName com.foo.bar -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
# The target directory c:\certificates must already exist
Export-PfxCertificate -Cert "cert:\localmachine\my\$thumb" -FilePath c:\certificates\examplecert.pfx -Password $pfxPassword

# Load the certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\certificates\examplecert.pfx", $pfxPassword)
# GetRawCertData() returns only the public certificate; the private key is not sent to Azure AD
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
$keyId = [guid]::NewGuid()
Import-Module AzureRM.Resources
$keyCredential = New-Object Microsoft.Azure.Commands.Resources.Models.ActiveDirectory.PSADKeyCredential
$keyCredential.StartDate = $currentDate
$keyCredential.EndDate = $endDate
$keyCredential.KeyId = $keyId
$keyCredential.Type = "AsymmetricX509Cert"
$keyCredential.Usage = "Verify"
$keyCredential.Value = $keyValue

# Create the Azure Active Directory Application
$azureAdApplication = New-AzureRmADApplication -DisplayName "<Your Application Display Name>" -HomePage "<https://YourApplicationHomePage>" -IdentifierUris "<https://YourApplicationUri>" -KeyCredentials $keyCredential

# Create the Service Principal and connect it to the Application
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

# Give the Service Principal Reader access to the current subscription
New-AzureRmRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $azureAdApplication.ApplicationId

# Now you can login to Azure PowerShell with your Service Principal and Certificate
Login-AzureRmAccount -TenantId (Get-AzureRmContext).Tenant.TenantId -ServicePrincipal -CertificateThumbprint $thumb -ApplicationId $azureAdApplication.ApplicationId
```
