auto login Azure powershell

Solution 1

You can actually do it. Follow this process:

Open the Azure PowerShell initialization file at "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\ShortcutStartup.ps1" for 64-bit OS or "C:\Program Files\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\ShortcutStartup.ps1" for 32-bit OS.

Add the following code just after the statement $VerbosePreference="Continue"

$username = "<username>"
$password = "<password>"
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($userName, $secpasswd)
Add-AzureAccount -Credential $cred

That should do the auto login for you

@Update: For Azure ARM mode, the command would be Login-AzureRMAccount -Credential $cred. This might not work with Microsoft accounts though.

Solution 2

Once you use the use the Import-AzurePublishSettingsFile the data from there is saved in a subscription data file in the user's profile (by default at : %userprofile%\AppData\Roaming\Windows Azure Powershell\WindowsAzureProfile.xml). It also takes the certificate with the private key from the settings file and saves it into the machine's certificate store so that the subscription data file only contains the thumbprint for the cert. That subscription data file is then used even across sessions so that you don't have to keep importing. Using the -SubscriptionDataFile parameter you can actually write the file to a different location if you want.

Note that this also means that anyone that can get access to your machine and open a PowerShell windows will be able to use your cmdlets to affect any/all subscriptions that are imported in this manner.

One thing to note here is that if you are keeping your Publish Settings file around you have a file which has a complete copy of the private key to your manage certificate. If that file were to be taken from you without you realizing it someone would then have all they need to possibly do irrevocable harm to your subscription. I'd recommend keeping a copy of the SubscriptionDataFile instead once the certificate has been loaded into the machine's certificate store. You can then use Set-AzureSubscription and point to the subscription data file to pull in the subscriptions if they get removed for some reason.

If you use the Add-AzureAccount, once you log in, it will also store pretty much the same data in the same file; however, it is keeping track of the token from Azure AD. That means that eventually the token will expire and you'd have to log in again anyway. Currently using the Add-AzureAccount is good for interactive scripts only as in PowerShell there isn't a good way to store or pass the credentials that I'm aware of.

So, if you use the import publish settings file you shouldn't have to keep importing unless you've done a remove-azuresubscription or that subscription data file has been removed. If you are using PowerShell 3 the Azure Module should be automatically loaded for you unless you've turned off autoload.

Solution 3

I believe what you are asking for is to authenticate to Azure from Powershell, without having to provide your username and password - which is your service administrator credentials.

A way to do that is to create what is called a Service Principal. This concept is to authenticate to Azure, not as a service administrator - which requires you to enter credentials, but as a service account which has the same permissions.

Here is how you can do that.

Import-Module azure;
Get-AzurePublishSettingsFile YourPath
Add-AzureAccount YourAccount

Author by

Blue Clouds

Apparently, as stack-overflow said, I prefer to keep an air of mystery about me. Still, I am an Amsterdam based consultant/developer who specializes in Microsoft Azure, Data analytics and IoT. Other topics of interest include Containers, Cloud and Integration testing. email : TheBlueClouds at Hotmail dot Com

Updated on June 17, 2022