| author | ms.author | ms.service | ms.topic | ms.date |
|---|---|---|---|---|
robinsh |
robinsh |
iot-hub |
include |
10/26/2018 |
You must authenticate all the operations that you perform on resources using the Azure Resource Manager with Azure Active Directory (AD). The easiest way to configure this is to use PowerShell or Azure CLI.
Install the Azure PowerShell cmdlets before you continue.
The following steps show how to set up password authentication for an AD application using PowerShell. You can run these commands in a standard PowerShell session.
-
Sign in to your Azure subscription using the following command:
Connect-AzAccount -
If you have multiple Azure subscriptions, signing in to Azure grants you access to all the Azure subscriptions associated with your credentials. Use the following command to list the Azure subscriptions available for you to use:
Get-AzSubscriptionUse the following command to select subscription that you want to use to run the commands to manage your IoT hub. You can use either the subscription name or ID from the output of the previous command:
Select-AzSubscription ` -SubscriptionName "{your subscription name}"
-
Make a note of your TenantId and SubscriptionId. You need them later.
-
Create a new Azure Active Directory application using the following command, replacing the place holders:
-
{Display name}: a display name for your application such as MySampleApp
-
{Home page URL}: the URL of the home page of your app such as http://mysampleapp/home. This URL does not need to point to a real application.
-
{Application identifier}: A unique identifier such as http://mysampleapp. This URL does not need to point to a real application.
-
{Password}: A password that you use to authenticate with your app.
$SecurePassword=ConvertTo-SecureString {password} –asplaintext –force New-AzADApplication -DisplayName {Display name} -HomePage {Home page URL} -IdentifierUris {Application identifier} -Password $SecurePassword
-
-
Make a note of the ApplicationId of the application you created. You need this later.
-
Create a new service principal using the following command, replacing {MyApplicationId} with the ApplicationId from the previous step:
New-AzADServicePrincipal -ApplicationId {MyApplicationId}
-
Set up a role assignment using the following command, replacing {MyApplicationId} with your ApplicationId.
New-AzRoleAssignment -RoleDefinitionName Owner -ServicePrincipalName {MyApplicationId}
You have now finished creating the Azure AD application that enables you to authenticate from your custom C# application. You need the following values later in this tutorial:
- TenantId
- SubscriptionId
- ApplicationId
- Password