安裝
Azure Compute SDK NuGet套件
,並使用標準驗證機制初始化用戶端。
public class CustomLoginCredentials : ServiceClientCredentials
private string AuthenticationToken { get; set; }
public override void InitializeServiceClient<T>(ServiceClient<T> client)
var authenticationContext = new AuthenticationContext("https://login.windows.net/{tenantID}");
var credential = new ClientCredential(clientId: "{clientID}", clientSecret: "{clientSecret}");
var result = authenticationContext.AcquireTokenAsync(resource: "https://management.core.windows.net/", clientCredential: credential);
if (result == null) throw new InvalidOperationException("Failed to obtain the JWT token");
AuthenticationToken = result.Result.AccessToken;
public override async Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
if (request == null) throw new ArgumentNullException("request");
if (AuthenticationToken == null) throw new InvalidOperationException("Token Provider Cannot Be Null");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", AuthenticationToken);
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
//request.Version = new Version(apiVersion);
await base.ProcessHttpRequestAsync(request, cancellationToken);
var creds = new CustomLoginCredentials();
m_subId = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID");
ResourceManagementClient m_ResourcesClient = new ResourceManagementClient(creds);
NetworkManagementClient m_NrpClient = new NetworkManagementClient(creds);
ComputeManagementClient m_CrpClient = new ComputeManagementClient(creds);
StorageManagementClient m_SrpClient = new StorageManagementClient(creds);
m_ResourcesClient.SubscriptionId = m_subId;
m_NrpClient.SubscriptionId = m_subId;
m_CrpClient.SubscriptionId = m_subId;
m_SrpClient.SubscriptionId = m_subId;
安裝 Azure Resource Manager NuGet 套件,以建立新的資源群組。
var resourceGroups = m_ResourcesClient.ResourceGroups;
var m_location = “East US”;
var resourceGroupName = "ContosoRG";//provide existing resource group name, if created already
var resourceGroup = new ResourceGroup(m_location);
resourceGroup = await resourceGroups.CreateOrUpdateAsync(resourceGroupName, resourceGroup);
建立儲存體帳戶和容器,您將在其中儲存服務套件 (.cspkg) 和服務組態, (.cscfg) 檔案。 安裝Azure 儲存體 NuGet套件。 如果您使用現有的儲存體帳戶,則此步驟是選擇性的。 儲存體帳戶名稱必須是唯一的。
string storageAccountName = “ContosoSAS”
var stoInput = new StorageAccountCreateParameters
Location = m_location,
Kind = Microsoft.Azure.Management.Storage.Models.Kind.StorageV2,
Sku = new Microsoft.Azure.Management.Storage.Models.Sku(SkuName.StandardRAGRS),
StorageAccount storageAccountOutput = m_SrpClient.StorageAccounts.Create(rgName,
storageAccountName, stoInput);
bool created = false;
while (!created)
Thread.Sleep(600);
var stos = m_SrpClient.StorageAccounts.ListByResourceGroup(rgName);
created =
stos.Any(
StringComparer.OrdinalIgnoreCase.Equals(t.Name, storageAccountName));
StorageAccount storageAccountOutput = m_SrpClient.StorageAccounts.GetProperties(rgName, storageAccountName);.
var accountKeyResult = m_SrpClient.StorageAccounts.ListKeysWithHttpMessagesAsync(rgName, storageAccountName).Result;
CloudStorageAccount storageAccount = new CloudStorageAccount(new StorageCredentials(storageAccountName, accountKeyResult.Body.Keys.FirstOrDefault(). Value), useHttps: true);
var blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("sascontainer");
container.CreateIfNotExistsAsync().Wait();
sharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddDays(-1);
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(2);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write;
將服務套件 (.cspkg) 檔案Upload儲存體帳戶。 套件 URL 可以是來自任何儲存體帳戶的共用存取簽章 (SAS) URI。
CloudBlockBlob cspkgblockBlob = container.GetBlockBlobReference(“ContosoApp.cspkg”);
cspkgblockBlob.UploadFromFileAsync(“./ContosoApp/ContosoApp.cspkg”). Wait();
//Generate the shared access signature on the blob, setting the constraints directly on the signature.
string cspkgsasContainerToken = cspkgblockBlob.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
string cspkgSASUrl = cspkgblockBlob.Uri + cspkgsasContainerToken;
Upload服務組態 (.cscfg) 檔案至儲存體帳戶。 將服務組態指定為字串 XML 或 URL 格式。
CloudBlockBlob cscfgblockBlob = container.GetBlockBlobReference(“ContosoApp.cscfg”);
cscfgblockBlob.UploadFromFileAsync(“./ContosoApp/ContosoApp.cscfg”). Wait();
//Generate the shared access signature on the blob, setting the constraints directly on the signature.
string sasCscfgContainerToken = cscfgblockBlob.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
string cscfgSASUrl = cscfgblockBlob.Uri + sasCscfgContainerToken;
建立虛擬網路與子網路。 安裝Azure 網路NuGet套件。 如果您使用現有的網路和子網,則此步驟是選擇性的。
VirtualNetwork vnet = new VirtualNetwork(name: vnetName)
AddressSpace = new AddressSpace
AddressPrefixes = new List<string> { "10.0.0.0/16" }
Subnets = new List<Subnet>
new Subnet(name: subnetName)
AddressPrefix = "10.0.0.0/24"
Location = m_location
m_NrpClient.VirtualNetworks.CreateOrUpdate(resourceGroupName, “ContosoVNet”, vnet);
建立公用 IP 位址,並設定公用 IP 位址的 DNS 標籤屬性。 雲端服務 (擴充支援) 僅支援基本SKU 公用 IP 位址。 標準 SKU 公用 IP 不適用於 雲端服務。
如果您使用靜態 IP,則必須在服務組態 (.cscfg) 檔案中將其參考為保留 IP
PublicIPAddress publicIPAddressParams = new PublicIPAddress(name: “ContosIp”)
Location = m_location,
PublicIPAllocationMethod = IPAllocationMethod.Dynamic,
DnsSettings = new PublicIPAddressDnsSettings()
DomainNameLabel = “contosoappdns”
PublicIPAddress publicIpAddress = m_NrpClient.PublicIPAddresses.CreateOrUpdate(resourceGroupName, publicIPAddressName, publicIPAddressParams);
建立網路設定檔物件,並將公用 IP 位址與負載平衡器的前端產生關聯。 Azure 平臺會自動在與雲端服務資源相同的訂用帳戶中建立「傳統」SKU 負載平衡器資源。 負載平衡器資源是 ARM 中的唯讀資源。 只有透過雲端服務部署檔案 (.cscfg & .csdef) ,才支援資源的任何更新
LoadBalancerFrontendIPConfiguration feipConfiguration = new LoadBalancerFrontendIPConfiguration()
Name = “ContosoFe”,
Properties = new LoadBalancerFrontendIPConfigurationProperties()
PublicIPAddress = new CM.SubResource()
Id = $"/subscriptions/{m_subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPAddresses/{publicIPAddressName}",
CloudServiceNetworkProfile cloudServiceNetworkProfile = new CloudServiceNetworkProfile()
LoadBalancerConfigurations = new List<LoadBalancerConfiguration>()
new LoadBalancerConfiguration()
Name = 'ContosoLB',
Properties = new LoadBalancerConfigurationProperties()
FrontendIPConfigurations = new List<LoadBalancerFrontendIPConfiguration>()
feipConfig
建立金鑰保存庫。 此金鑰保存庫將用來儲存與雲端服務 (擴充支援) 角色相關聯的憑證。 金鑰保存庫必須位於與雲端服務 (擴充支援) 實例相同的區域和訂用帳戶,且具有唯一的名稱。 如需詳細資訊,請參閱使用憑證搭配 Azure 雲端服務 (擴充支援) 。
New-AzKeyVault -Name "ContosKeyVault” -ResourceGroupName “ContosoOrg” -Location “East US”
更新金鑰保存庫的存取原則,並將憑證許可權授與您的使用者帳戶。
Set-AzKeyVaultAccessPolicy -VaultName 'ContosKeyVault' -ResourceGroupName 'ContosoOrg' -UserPrincipalName 'user@domain.com' -PermissionsToCertificates create,get,list,delete
或者,透過物件識別碼設定存取原則, (您可以藉由執行 Get-AzADUser) 取得。
Set-AzKeyVaultAccessPolicy -VaultName 'ContosKeyVault' -ResourceGroupName 'ContosOrg' - ObjectId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' -PermissionsToCertificates create,get,list,delete
在此範例中,我們會將自我簽署憑證新增至金鑰保存庫。 您必須在服務組態 (.cscfg) 檔案中新增憑證指紋,才能在雲端服務 (擴充支援) 角色上進行部署。
$Policy = New-AzKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" - SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal
Add-AzKeyVaultCertificate -VaultName "ContosKeyVault" -Name "ContosCert" - CertificatePolicy $Policy
建立 OS 設定檔物件。 OS 設定檔會指定與雲端服務 (擴充支援) 角色相關聯的憑證。 在這裡,這是我們在上一個步驟中建立的相同憑證。
CloudServiceOsProfile cloudServiceOsProfile =
new CloudServiceOsProfile
Secrets = new List<CloudServiceVaultSecretGroup>
New CloudServiceVaultSecretGroup {
SourceVault = <sourceVault>,
VaultCertificates = <vaultCertificates>
建立角色設定檔物件。 角色設定檔會定義 SKU 的角色特定屬性,例如名稱、容量和層。
在此範例中,我們會定義兩個角色:ContosoFrontend 和 ContosoBackend。 角色設定檔資訊應該符合服務組態 (.cscfg) 檔案中定義的角色組態,以及服務定義 (.csdef) 檔案。
CloudServiceRoleProfile cloudServiceRoleProfile = new CloudServiceRoleProfile()
Roles = new List<CloudServiceRoleProfileProperties>();
// foreach role in cloudService
roles.Add(new CloudServiceRoleProfileProperties()
Name = 'ContosoFrontend',
Sku = new CloudServiceRoleSku
Name = 'Standard_D1_v2',
Capacity = 2,
Tier = 'Standard'
roles.Add(new CloudServiceRoleProfileProperties()
Name = 'ContosoBackend',
Sku = new CloudServiceRoleSku
Name = 'Standard_D1_v2',
Capacity = 2,
Tier = 'Standard'
(選擇性) 建立您想要新增至雲端服務 (擴充支援) 實例的擴充設定檔物件。 在此範例中,我們會新增 RDP 擴充功能。
string rdpExtensionPublicConfig = "<PublicConfig>" +
"<UserName>adminRdpTest</UserName>" +
"<Expiration>2021-10-27T23:59:59</Expiration>" +
"</PublicConfig>";
string rdpExtensionPrivateConfig = "<PrivateConfig>" +
"<Password>VsmrdpTest!</Password>" +
"</PrivateConfig>";
Extension rdpExtension = new Extension
Name = name,
Properties = new CloudServiceExtensionProperties
Publisher = "Microsoft.Windows.Azure.Extensions",
Type = "RDP",
TypeHandlerVersion = "1.2.1",,
AutoUpgradeMinorVersion = true,
Settings = rdpExtensionPublicConfig,
ProtectedSettings = rdpExtensionPrivateConfig,
RolesAppliedTo = [“*”],
CloudServiceExtensionProfile cloudServiceExtensionProfile = new CloudServiceExtensionProfile
Extensions = rdpExtension
建立雲端服務 (擴充支援) 實例的部署。
CloudService cloudService = new CloudService
Properties = new CloudServiceProperties
RoleProfile = cloudServiceRoleProfile
Configuration = < Add Cscfg xml content here>,
// ConfigurationUrl = <Add your configuration URL here>,
PackageUrl = <Add cspkg SAS url here>,
ExtensionProfile = cloudServiceExtensionProfile,
OsProfile= cloudServiceOsProfile,
NetworkProfile = cloudServiceNetworkProfile,
UpgradeMode = 'Auto'
Location = m_location
CloudService createOrUpdateResponse = m_CrpClient.CloudServices.CreateOrUpdate(“ContosOrg”, “ContosoCS”, cloudService);
檢閱雲端服務 (擴充支援) 的常見問題。
使用Azure 入口網站、PowerShell、範本或Visual Studio部署雲端服務 (擴充支援) 。
請流覽範例存放庫,以取得雲端服務 (擴充支援)
