Windows Azure AD authentication support for PowerShell

Last week Microsoft announced several fantastic updates to Windows Azure.

One of the updates I’m really excited about is the new Windows Azure Active Directory authentication support in PowerShell.  Previously to allow the Windows Azure PowerShell cmdlets to authenticate with Windows Azure, you’re only choice was via a management certificate.  There were two options to get that certificate:

  1. Download a .publishsettings file and import the file (Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile)
  2. Create a cert yourself and configure it in PowerShell (see my previous post)

While not a bad way to go, they came with the overhead of deal with management certs.

Configuring Windows Azure Active Directory authentication in PowerShell

1) Get-AzureAccount – To start with, let’s run the Get-AzureAccount cmdlet to see what accounts are already configured.  Since this is my first time, there shouldn’t be any listed.

get_azureaccount

2) Add-AzureAccount – this will open a browser dialog prompting me to authenticate with the Microsoft Account (formerly Live ID) that I want to use for managing my Windows Azure subscriptions.  For me, this one Microsoft Account is a co-admin on multiple subscriptions, and just happens to be a user in multiple Windows Azure AD tenants.

add_azureaccount_login_1

add_azureaccount_login_2

3)  That’s pretty much it.  If I try to list all my subscriptions, I’ll can easily do that with Get-AzureSubscription.  Notice how there is a “ActiveDirectoryUserId” field.

add_azureaccount

get_azuresubscription

What did this actually do?

If I browse to my user profile directory (C:\Users\<username>\AppData\Roaming\Windows Azure Powershell), I can view the WindowsAzureProfile.xml file.  This is the file that was updated as a result of the Add-AzureAccount cmdlet.  It is basically what gets dumped when executing the Get-AzureSubscription cmdlet.

As noted here, the Windows Azure AD credentials available to PowerShell are good only for 12 hours.

See the most recent Windows Azure PowerShell change log at https://raw.github.com/WindowsAzure/azure-sdk-tools/master/ChangeLog.txt.

About these ads
Tagged with: ,
Posted in PowerShell, Windows Azure
3 comments on “Windows Azure AD authentication support for PowerShell
  1. Do you happen to know where I can register my own application for authenticating in the same way as the powershell tools. In my application I took the client ID and redirect URI from the powershell tools and was able to authenticate and manage my azure subscription. But I assume its not intended that my application should use the same client id, but cant find any information about where I can register my app. (I am creating a bootstrapping app for deploying a webrole to our users, so user log in from my app to azure and deploy our webrole).

  2. […] Windows Azure AD Authentication Support for PowerShell (posted October 28th) […]

  3. […] Windows Azure AD Authentication Support for PowerShell (posted October 28th) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow Michael S. Collier's Blog on WordPress.com
Follow

Get every new post delivered to your Inbox.

Join 1,884 other followers

%d bloggers like this: