Connect to Azure VM via .Net 6 Web Api

Question

Connect to Azure VM via .Net 6 Web Api

Atanu Gupta 186

Hello,

I am having a windows virtual machine in Azure which is inside a virtual network as usual. The VM is exposed via a public ip. Now I can comfortably RDP to that VM via that public ip and username/password from my local laptop.

The requirement is to connect to that VM via a .Net 6 Web API and execute a powershell script inside that VM and get the output of that. Is it anyway possible to connect to azure VM via API.

I have googled a lot but didn't found anything suitable or working. Or is it not possible at all.

Please advise. Any sample code would be highly appreciable.

Prrudram-MSFT 28,201 Reputation points Moderator

2023-06-08T10:41:00.5133333+00:00
@Atanu Gupta

It should be possible to connect to an Azure VM via API and execute a PowerShell script inside that VM and get the output of that. You can use the Azure Virtual Machines REST API to manage virtual machines in Azure [doc1].

To execute a PowerShell script inside a VM and get the output of that, you can use the Invoke-AzVMRunCommand cmdlet in the Azure PowerShell module [doc2]. The Invoke-AzVMRunCommand cmdlet allows you to run PowerShell scripts on a VM by using the Azure PowerShell module [doc2].

Here are the high-level steps to connect to an Azure VM via API and execute a PowerShell script inside that VM and get the output of that:

Create an Azure AD application and assign it the necessary permissions to manage virtual machines in Azure.

Authenticate the Azure AD application and get an access token.

Use the Azure Virtual Machines REST API to get the public IP address of the VM.

Use the Invoke-AzVMRunCommand cmdlet to execute the PowerShell script inside the VM and get the output of that.

I would still suggest reaching out to azure technical support anyways to find the best ways to achieve this.

I have not tested this however, providing you with a sample here with an example code snippet that shows how to execute a PowerShell script inside a VM and get the output of that using the Azure Virtual Machines REST API and the Azure PowerShell module which might help you

Authenticate the Azure AD application and get an access token

$clientId = "your-client-id"

$clientSecret = "your-client-secret"

$tenantId = "your-tenant-id"

$subscriptionId = "your-subscription-id"

$context = New-AzStorageContext -StorageAccountName "your-storage-account-name" -StorageAccountKey "your-storage-account-key"

$token = Get-AzAccessToken -ResourceUrl "https://management.azure.com/" -Credential (New-Object System.Management.Automation.PSCredential($clientId, (ConvertTo-SecureString $clientSecret -AsPlainText -Force))) -TenantId $tenantId

Use the Azure Virtual Machines REST API to get the public IP address of the VM

$resourceGroupName = "your-resource-group-name"

$vmName = "your-vm-name"

$vm = Invoke-RestMethod -Method Get -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Compute/virtualMachines/$vmName?api-version=2022-03-01" -Headers @{Authorization = "Bearer $($token.AccessToken)"}

$publicIpAddress = $vm.networkProfile.networkInterfaces.ipConfigurations.publicIPAddress.id.Split("/")[-1]

$publicIpAddress = Invoke-RestMethod -Method Get -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Network/publicIPAddresses/$publicIpAddress?api-version=2022-03-01" -Headers @{Authorization = "Bearer $($token.AccessToken)"}

$publicIpAddress = $publicIpAddress.properties.ipAddress

Use the Invoke-AzVMRunCommand cmdlet to execute the PowerShell script inside the VM and get the output of that

$vm = Get-AzVM -ResourceGroupName $resourceGroupName -Name $vmName

$script = "your-script.ps1"

$command = New-AzVMRunCommand -CommandId 'RunPowerShellScript' -ScriptPath $script -Parameter @{"arg1" = "value1"; "arg2" = "value2"} -VM $vm

$output = Invoke-AzVMRunCommand -ResourceGroupName $resourceGroupName -Name $vmName -CommandId $command.CommandId -CommandParameter $command. Parameters -OutputText

If you are satisfied with this response do an upvote, then I can convert this to an answer which later you accept as answer.
Atanu Gupta 186 Reputation points

2023-06-08T11:32:00.55+00:00

Thanks for your detail response.

But is it really required to create Azure AD registration and passing those parameters for a publicly exposed VM. User is already giving the public-IP, username and password of the VM which I think should be enough. RDP (3389) is working fine with these details then why not the API?

There must be some other way instead of going that AAD way. Opening up any NSG rule or similar may help the API to connect...just thinking 😒

The roadblock is the VM connection now. Executing powershell can follow later.

Looking for alternatives and more workaround. Thank you

1 answer

Your answer

Atanu Gupta 186 Reputation points

2023-06-08T11:32:00.55+00:00

Thanks for your detail response.

But is it really required to create Azure AD registration and passing those parameters for a publicly exposed VM. User is already giving the public-IP, username and password of the VM which I think should be enough. RDP (3389) is working fine with these details then why not the API?

There must be some other way instead of going that AAD way. Opening up any NSG rule or similar may help the API to connect...just thinking 😒

The roadblock is the VM connection now. Executing powershell can follow later.

Looking for alternatives and more workaround. Thank you

Answer 1

Ok

I have used the following code to connect to an Azure VM using AAD credentials and successfully executed a powershell script on it... and the requirement is resolved.

Sharing the code if anybody need this kind of solution 😊

using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.Management.Compute;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;

ConnectVM()
{
	string TenantId = "";
	string ApplicationId = "";
	string SubscriptionId = "";
	string ResourceGroup = "";
	string VirtualMachineName = "";
	string ClientSecret = "";
	
	var context = new AuthenticationContext($"https://login.microsoftonline.com/{TenantId}");	
	var credentials = new ClientCredential(ApplicationId, ClientSecret);
	var result = context.AcquireTokenAsync("https://management.azure.com/", credentials).Result;
	
	var token = result.AccessToken;
	var tokencredentials = new TokenCredentials(token);
	var computeClient = new ComputeManagementClient(tokencredentials)
	{
		SubscriptionId = SubscriptionId
	};

	var c = SdkContext.AzureCredentialsFactory.FromServicePrincipal(ApplicationId, ClientSecret, TenantId, AzureEnvironment.AzureGlobalCloud);

	var azure = Azure.Configure()
			.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
            .Authenticate(c)
            .WithSubscription(SubscriptionId);

	// Get the VM reference
	var virtualMachine = azure.VirtualMachines.GetByResourceGroup(ResourceGroup, VirtualMachineName);

	if(virtualMachine != null)
	{
		// Define the script to execute
		var scriptPath = "mypath/to/powershell/script.ps1";

		var runCommandInput = new RunCommandInput()
		{
			CommandId = "RunPowerShellScript",
			Script = new List<string> { System.IO.File.ReadAllText(scriptPath) },
			Parameters = new List<RunCommandInputParameter>()
		}

		var runCommandResult = virtualMachine.RunCommand(runCommandInput);

		//Retrieve the script execution output
		var scriptOutput = runCommandResult.Value[0].Message;
		return scriptOutput;
	}
	else
	{
		return "The VM is not found or there was an error connecting to it.";  
	}
}

Share via

Connect to Azure VM via .Net 6 Web Api

Authenticate the Azure AD application and get an access token

Use the Azure Virtual Machines REST API to get the public IP address of the VM

Use the Invoke-AzVMRunCommand cmdlet to execute the PowerShell script inside the VM and get the output of that

1 answer

Your answer