Creating a service principal using the Azure CLI

-

Step 1.

First log into the Azure CLI 

az login --use-device-code

Next lets get our <subscriptionId> guid:

az account show --query id --output tsv

Result: 

EG: 929133e1-d1d4-4af3-a15d-f935b119ded9

Step 2.

We need to create a service principal that will do the deployments as we test in VS code.

az ad sp create-for-rbac --name <displayName> --skip-assignment

Result:
{

  "appId": <appId>,
  "displayName": <displayName>,
  "password": <password>,
  "tenant": <tenantId>
}

Step 3.

Lets assign some roles using the <appId> and the <subscriptionId> retrieved in the previous command.

# Assign the Contributor role
az role assignment create --assignee <appId> --role "Contributor" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Reader
az role assignment create --assignee <appId> --role "Reader" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Key Vault Contributor
az role assignment create --assignee <appId> --role "Key Vault Contributor" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Key Vault Crypto Officer
az role assignment create --assignee <appId> --role "Key Vault Crypto Officer" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Key Vault Reader
az role assignment create --assignee <appId> --role "Key Vault Reader" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Key Vault Secrets User
az role assignment create --assignee <appId> --role "Key Vault Secrets User" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Key Vault Certificates Officer
az role assignment create --assignee <appId> --role "Key Vault Certificates Officer" --scope "/subscriptions/<subscriptionId>"

# Assign another role, e.g., Key Vault Administrator
az role assignment create --assignee <appId> --role "Key Vault Administrator" --scope "/subscriptions/<subscriptionId>"

Step 4. 

On your development machine, log in as a service principal you just created.

az login 

--service-principal 

--username <appId>

--password <password>

--tenant <tenantId>


Step 5.

Verify your role assignments

az role assignment list --assignee <appId>





Comments

Post a Comment

Popular posts from this blog

Configuring Any .NET 9.0 Program to Run in Docker: A Step-by-Step Guide

-
Docker provides a consistent runtime environment for running .NET applications, enabling seamless development and deployment across various platforms. This guide explains how to configure any .NET program to run in Docker, explores project types compatible with Docker, and provides examples for Web API and Console Applications . Understanding the Docker Configuration in launchSettings.json The launchSettings.json file in .NET projects includes profiles for debugging and running applications. When configured for Docker, a typical profile might look like this: json "Container (Dockerfile)" : { "commandName" : "Docker" , "launchUrl" : "{Scheme}://{ServiceHost}:{ServicePort}" , "environmentVariables" : { "ASPNETCORE_HTTPS_PORTS" : "8081" , "ASPNETCORE_HTTP_PORTS" : "8080" } , "publishAllPorts" : true , "useSSL" : true } Key Propertie...
Read more

Understand .NET 9.0 Blazor Hosting Models

-
Blazor comes in three hosting models: Blazor Server , Blazor WebAssembly (WASM) , and Blazor Hybrid . Each model has unique requirements for setup in the Program.cs file and routing. Let's break down what is needed for each. 1. Blazor Server Blazor Server runs the app on the server, with the UI updates sent to the client over a real-time SignalR connection. Key Setup in Program.cs csharp var builder = WebApplication.CreateBuilder(args); // Add Blazor Server services builder.Services.AddServerSideBlazor() .AddCircuitOptions(options => options.DetailedErrors = true ); // Optional: Enable detailed errors var app = builder.Build(); // Map the Blazor Server app app.MapBlazorHub(); // Maps SignalR hub for real-time communication app.MapFallbackToPage( "/_Host" ); // Fallback route to load the app app.Run(); Router The _Host.cshtml file serves as the entry point. Routes are managed server-side. Example: razor <Router AppAssembly="typeof(Program).Ass...
Read more

Understanding a Multi-Stage Dockerfile for .NET 9 Application

-
Dockerfiles are essential for containerizing applications, allowing developers to package code, dependencies, and runtime environments into lightweight, portable containers. In this article, we’ll explore a multi-stage Dockerfile designed for a .NET Web API project named SampleWebAPI . This Dockerfile employs best practices to create a lightweight and secure container image while maintaining an efficient build process. Dockerfile Overview This Dockerfile is structured into multiple stages, each focusing on a specific phase of the containerization process: Debug Stage : Prepares the runtime environment for debugging. Build Stage : Compiles the application code. Publish Stage : Prepares the application for deployment. Runtime Stage : Creates the final container image for production. Debug Stage dockerfile FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base USER $APP_UID WORKDIR /app EXPOSE 8080 EXPOSE 8081 Base Image : Uses the official ASP.NET Core runtime image ( aspnet:9.0 ) to provide...
Read more