Wednesday, October 19, 2016

Login to Azure with Publish Settings File

This blog is about logging to azure with Publish Settings File. In the last post you have seen that we have used Add-AzureAccount  or Azure Login (in case of commands)

So why We need this another method, think of a situation where you want automation via power-shell scripts , also there are applications such as visual studio that utilize this method for ease of deployments.

Let's get started in the same way as we did before.

  • Launch Powershell - ADD-AzureAccount and logincapture


 

  • Now Just type Get-AzurePublishSettingsFile, browser will open & you need to login with your azure credentials.

  • Publishing file will get downloaded to your PC downloads folder.capture


Go back to Powershell & import this publish settings file.

Import-AzurePublishSettingsFile "C:\publishsettingsfilelocation"

Ones imported you can see that a certificate is installed on your machine and is valid for a year.

capture

I have read somewhere that you can generate up to 1o of these files, This limit may have changed as azure is evolving at a very rapid pace & things keep updating.

Don't forget to delete the publish settings file after the import.

Let us now check on screen by using Get-azureaccount , you can see the certificate as well along with my user account.

capture

I will now log out of user session by using Remove-AzureAccount & relaunch the powershell session again.

This time we will see certificate only login & no user account.

capture

lets start one VM using this method & boom..:)

capture

Just for testing go to windows store, delete that certificate & try to work with azure again, you will not be able to do anything, instead will receive a error about the certificate.

You can manage these certificates by login to portal --> settings --> management certificates (you can delete if you want to revoke the access)

capture

From Azure Classic Portal:

Client tools such as Visual Studio, Azure SDKs, and Windows PowerShell may use management certificates to authenticate access to Azure. Management certificates are public key certificates based on the X.509 standard. A copy of the certificate with the private key (usually a *.pfx file) on the client is validated against the certificate saved here with the public and private key (a *.cer file). If the validation is successful, access is allowed. Management certificates may be used in addition to or instead of signing in with a Microsoft account or organizational account.

Each management certificate is associated with a Azure subscription, so the subscription name and ID are shown along with the certificate thumbprint. Some tools and programmatic operations may require this information explicitly. If the tools or services you use require a management certificate, the easiest way to create client and server certificates is to generate and download a subscription file (formerly a publishsettings file). You may also choose to generate valid X.509 certificates yourself, and then click Upload to specify the .cer file.

Certificates and certificate information can be exploited by malicious users. Use these files only when necessary and carefully safeguard the files and information

Regards

Sukhija Vikas

http://msexchange.me

No comments:

Post a Comment