問題描述
從Azure App Service的頁面中,直接跳轉到進階管理工具Kudu站點(https://<your app service name>.scm.chinacloudsites.cn/)時,可以自動使用AAD使用者(即登入Azure門戶的訂閱賬号),同時,也可以使用App Service的釋出賬号(如FTP賬号和密碼)登入,那如何來使用呢?
There are 2 authentication mechanisms.
- Single sign on. This is only available and a default mechanism accessing via browser. User will be authenticated via AAD login.
- Basic Auth usingDeployment-credentials. This is default for non browser - such as curl. However, one can force this mode on browser by appending basicauth such as
.
https://mysite.scm.chinacloudsites.cn/basicauth
問題解答
在Azure App Service的門戶中,可以在Deployment Center中,檢視到Deployment Center中的Local Git/FTPS Credentials項中的UserName和Password。
在擷取到上一步的 UserName 和 Password 後,通過 kudu 站點的 basicauth 接口登入它。
具體的操作方式為:
在Kudu站點的url後加/basicauth,在彈出的驗證視窗中的輸入FTP credentials。
https://<your app service name>.scm.chinacloudsites.cn/basicauth
附錄一:禁用Kudu的FTP Credential方式登入(/basicauth), 可以通過Azure Cli的語句,具體如下:
az resource update --resource-group <resource-group> --name scm --namespace Microsoft.Web
--resource-type basicPublishingCredentialsPolicies --parent sites/<site-name>
--set properties.allow=false
參考資料
Accessing the kudu service:https://github.com/projectkudu/kudu/wiki/Accessing-the-kudu-service#authentication--authorization
Disabling basic auth on App Service : https://azure.github.io/AppService/2020/08/10/securing-data-plane-access.html