Azure has many functions that I don’t know. Recently I need to dynamically create Virtual Machines, but using my own credential is not properly since it needs 2FA to authenticate. I searched the document, Azure provides a Service Application and Service Principal, using it can access Azure API without needing user interactive login.
I recommend to use Azure CLI to create your Service Application and Service Principal since I feel it quite convenient to use.
Why we need it? “One does not want to login interactively all the time. Azure provides service principal authentication as a secure way for silent login.”
First please read the document to know what’s Service Application by this link https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/.
How to create? In github, here is the document, https://github.com/Azure/azure-sdk-for-node/blob/master/Documentation/Authentication.md.
What’s different is that azure may did some updates. The command provided by the document may not execute right. In old document, application and service principle can be created together, but in my Azure version(0.9.9), it must created by two commands. The process is the same as in the above github link. After setting right, you can login in with the create Service Principle.
You can use ms-rest-azureAPI to access the resources.