Azure 函数中的 Connect-Exchange CertificatePath
Connect-Exchange CertificatePath in Azure Function
我正在尝试了解如何在 Powershell Azure 函数中添加参数 -CertificateFilePath。在本地你只需添加路径的位置 *c:\locationpath*.
但是当在 Azure Functions 中使用时,我不确定如何从 TLS/SSL settings 中已有证书的 Function App 添加文件路径我上传证书的地方。
我见过的一种常见方法是:
Connect-ExchangeOnline -AppID $AppId -CertificateThumbprint $Thumbprint -Organization company.com
但这通常会弹出一个窗口,要求提供 select 的帐户,这就是它可能无法在函数中使用的原因。我也在尝试使用证书。
我见过的另一种方法是使用 AZ Vault,如果我的证书已经在应用程序注册中并且在 TLS/SSL 中的函数本身中,我不想使用它设置.
我只想使用我创建的服务在没有用户凭据的情况下查询 Exchange。谢谢。
As venkateshdodda-mt 建议尝试以下步骤
1 生成证书和服务主体
- 凭据
- 通过 CertificateThumbprint 和 ApplicationId
- 通过 AadAccessToken 和 AccountId
# Login to Azure AD PowerShell With Admin Account
Connect-AzureAD
# Create the self signed cert
$currentDate = Get-Date
$endDate = $currentDate.AddYears(1)
$notAfter = $endDate.AddYears(1)
$pwd = "YOUR_PASSWORD"
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName YOUR_DNS -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my$thumb" -FilePath YOUR_PFX_PATH.pfx -Password $pwd
# Load the certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("YOUR_PFX_PATH.pfx", $pwd)
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
# Create the Azure Active Directory Application
$application = New-AzureADApplication -DisplayName "YOUR_APP_NAME" -IdentifierUris "https://YOUR_APP_NAME"
New-AzureADApplicationKeyCredential -ObjectId $application.ObjectId -CustomKeyIdentifier "YOUR_PASSWORD" -StartDate $currentDate -EndDate $endDate -Type AsymmetricX509Cert -Usage Verify -Value $keyValue
# Create the Service Principal and connect it to the Application
$sp = New-AzureADServicePrincipal -AppId $application.AppId
# Give the Service Principal Reader access to the current tenant (Get-AzureADDirectoryRole)
Add-AzureADDirectoryRoleMember -ObjectId 72f988bf-86f1-41af-91ab-2d7cd011db47 -RefObjectId $sp.ObjectId
# Get Tenant Detail
$tenant = Get-AzureADTenantDetail
# Now you can login to Azure PowerShell with your Service Principal and Certificate
Connect-AzureAD -TenantId $tenant.ObjectId -ApplicationId $sp.AppId -CertificateThumbprint $thumb
# Output TenantId, AppId and Thumbprint to use in azure function's script
Write-Host "TenantId: "$tenant.ObjectId
Write-Host "AppId: "$sp.AppId
Write-Host "Thumbprint: "$thumb
2 配置 Azure 函数以使用证书
3 将 AzureAD PowerShell 模块复制到 Azure 函数
4 从 Azure 函数编写 PowerShell 脚本以连接到 Azure AD
我正在尝试了解如何在 Powershell Azure 函数中添加参数 -CertificateFilePath。在本地你只需添加路径的位置 *c:\locationpath*.
但是当在 Azure Functions 中使用时,我不确定如何从 TLS/SSL settings 中已有证书的 Function App 添加文件路径我上传证书的地方。
我见过的一种常见方法是:
Connect-ExchangeOnline -AppID $AppId -CertificateThumbprint $Thumbprint -Organization company.com
但这通常会弹出一个窗口,要求提供 select 的帐户,这就是它可能无法在函数中使用的原因。我也在尝试使用证书。
我见过的另一种方法是使用 AZ Vault,如果我的证书已经在应用程序注册中并且在 TLS/SSL 中的函数本身中,我不想使用它设置.
我只想使用我创建的服务在没有用户凭据的情况下查询 Exchange。谢谢。
As venkateshdodda-mt 建议尝试以下步骤
1 生成证书和服务主体
- 凭据
- 通过 CertificateThumbprint 和 ApplicationId
- 通过 AadAccessToken 和 AccountId
# Login to Azure AD PowerShell With Admin Account
Connect-AzureAD
# Create the self signed cert
$currentDate = Get-Date
$endDate = $currentDate.AddYears(1)
$notAfter = $endDate.AddYears(1)
$pwd = "YOUR_PASSWORD"
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName YOUR_DNS -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my$thumb" -FilePath YOUR_PFX_PATH.pfx -Password $pwd
# Load the certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("YOUR_PFX_PATH.pfx", $pwd)
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
# Create the Azure Active Directory Application
$application = New-AzureADApplication -DisplayName "YOUR_APP_NAME" -IdentifierUris "https://YOUR_APP_NAME"
New-AzureADApplicationKeyCredential -ObjectId $application.ObjectId -CustomKeyIdentifier "YOUR_PASSWORD" -StartDate $currentDate -EndDate $endDate -Type AsymmetricX509Cert -Usage Verify -Value $keyValue
# Create the Service Principal and connect it to the Application
$sp = New-AzureADServicePrincipal -AppId $application.AppId
# Give the Service Principal Reader access to the current tenant (Get-AzureADDirectoryRole)
Add-AzureADDirectoryRoleMember -ObjectId 72f988bf-86f1-41af-91ab-2d7cd011db47 -RefObjectId $sp.ObjectId
# Get Tenant Detail
$tenant = Get-AzureADTenantDetail
# Now you can login to Azure PowerShell with your Service Principal and Certificate
Connect-AzureAD -TenantId $tenant.ObjectId -ApplicationId $sp.AppId -CertificateThumbprint $thumb
# Output TenantId, AppId and Thumbprint to use in azure function's script
Write-Host "TenantId: "$tenant.ObjectId
Write-Host "AppId: "$sp.AppId
Write-Host "Thumbprint: "$thumb
2 配置 Azure 函数以使用证书
3 将 AzureAD PowerShell 模块复制到 Azure 函数
4 从 Azure 函数编写 PowerShell 脚本以连接到 Azure AD