使用Azure AD Join设备标识从PowerShell连接到Function应用程序

gtlvzcf8  于 2023-11-21  发布在  Shell
关注(0)|答案(1)|浏览(118)

我有一个内部报告应用程序,我在系统环境中运行它?
我想使用本地Azure广告标识连接并验证已配置为Azure AD集成的应用程序。
看起来设备上有一个从Azure AD域加入注册的证书-但我如何使用该证书来获取函数应用程序的令牌?

ubof19bj

ubof19bj1#

要使用Azure AD Joined App或Azure AD应用启用Function App身份验证,请参阅以下步骤:-
x1c 0d1x的数据
在密钥保管库中添加Azure AD证书,并通过访问策略或RBAC向Azure AD应用程序给予访问证书的权限,请参阅此处

然后在Powershell函数HTTP触发器中运行以下代码:-

using namespace System.Security.Cryptography.X509Certificates

# Define your AppId, TokenURI, and Resource
$AppId = "xxxxb838-6d26a31435cb"
$TokenURI = "https://login.microsoftonline.com/7xxxxf3b-4425-a6b6-09b47643ec58/oauth2/token"
$Resource = "https://management.core.windows.net/"

# Define the URL of the certificate stored in Azure Key Vault
$CertificateUrl = "https://your-keyvault.vault.azure.net/secrets/your-certificate-secret"

# Prepare the body request
$BodyRequest = @{
    grant_type = "client_credentials"
    client_id = $AppId
    client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
    client_assertion = [System.Convert]::ToBase64String((Get-AzKeyVaultCertificateOperation -VaultName "your-keyvault" -CertificateName "your-certificate-name").Result)
    resource = $Resource
}

$AccessToken = Invoke-RestMethod -Method Post -Uri $TokenURI -Body $BodyRequest

# Now you can make the request to list all resources
$SubscriptionId = "6912d7a0-bc28-459a-9407-33bbba641c07"

$RequestURI = "https://management.azure.com/subscriptions/$SubscriptionId/resources?api-version=2021-04-01"

$Headers = @{
    Authorization = "Bearer " + $AccessToken.access_token
}

$ResourceRequest = Invoke-RestMethod -Method Get -Uri $RequestURI -Headers $Headers

# Return the results as a response
$Response = @{
    StatusCode = 200
    Body = $ResourceRequest.value | ConvertTo-Json
}

字符串
对于相同的场景,请参考此SO thread answer

相关问题