Eosfor

Reputation: 81

ADAL and Azure automation

I'm trying to call the Azure REST API from Azure Automation, so I need to acquire an auth header. I use ADAL for it, but in Azure Automation it fails with the following.

So the question is - how to use ADAL in Azure Automation?

ERROR: Exception calling "AcquireToken" with "4" argument(s): "Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'."
At C:\Modules\User\azureadauth\azureadauth.psm1:16 char:5
+ $authResult = $authContext.AcquireToken($resourceAppIdURI, $clien ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : EntryPointNotFoundException

ERROR: You cannot call a method on a null-valued expression.
At C:\Modules\User\azureadauth\azureadauth.psm1:19 char:5
+ $authHeader = $authResult.CreateAuthorizationHeader()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Upvotes: 4

Views: 2415

Answers (3)

Jason Boyd

Reputation: 7029

I ran into the same issue. Here is what I found when investigating and how I was able to work around it. I assume you are following one of the examples that are floating around on the internet to create an access token for Azure Graph API. The examples typically look something like this:

$TenantId = "YourTenantIdHere"
$authString = "https://login.microsoftonline.com/" + $TenantId
$resourceUrl = "https://graph.windows.net"

$authenticationContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authString, $false)

# Use common client 
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUrl = "urn:ietf:wg:oauth:2.0:oob"

$GraphApiAccessToken = $authenticationContext.AcquireToken($resourceUrl, $clientId, $redirectUrl, [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto).AccessToken

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
# The Authorization header value must carry the "Bearer" scheme before the token
$headers.Add("Authorization", "Bearer $GraphApiAccessToken")

You ran that in your local environment and everything worked fine but when you tried to execute it in an Azure Automation Account you got the error that you posted. I know because that is what happened to me.

Curious to know more about the 'iphlpapi.dll' file that was mentioned in the error, I created a runbook in the Azure Automation Account to list the version info for that file by executing this command:

(Get-Item C:\Windows\System32\IPHLPAPI.DLL).VersionInfo | fl

This is the result:

OriginalFilename  : IpHlpApi.dll
FileDescription   : IP Helper API Library
ProductName       : Microsoft® Windows® Operating System
Comments          : 
CompanyName       : Microsoft Corporation
FileName          : C:\Windows\System32\IPHLPAPI.DLL
FileVersion       : 6.2.9200.2203 (x64fre.140823-0405)
ProductVersion    : 6.2.9200.2203
IsDebug           : False
IsPatched         : False
IsPreRelease      : False
IsPrivateBuild    : False
IsSpecialBuild    : False
Language          : English (United States)
LegalCopyright    : © Microsoft Corporation. All rights reserved.
LegalTrademarks   : 
PrivateBuild      : 
SpecialBuild      : 
FileVersionRaw    : 6.2.9200.2203
ProductVersionRaw : 6.2.9200.2203

Running the same command in my local environment yielded:

OriginalFilename  : iphlpapi.dll.mui
FileDescription   : IP Helper API
ProductName       : Microsoft® Windows® Operating System
Comments          : 
CompanyName       : Microsoft Corporation
FileName          : C:\Windows\System32\IPHLPAPI.DLL
FileVersion       : 10.0.15063.0 (WinBuild.160101.0800)
ProductVersion    : 10.0.15063.0
IsDebug           : False
IsPatched         : False
IsPreRelease      : False
IsPrivateBuild    : False
IsSpecialBuild    : False
Language          : English (United States)
LegalCopyright    : © Microsoft Corporation. All rights reserved.
LegalTrademarks   : 
PrivateBuild      : 
SpecialBuild      : 
FileVersionRaw    : 10.0.15063.0
ProductVersionRaw : 10.0.15063.0

So the version of the file in the Azure Automation Account is clearly older and appears to be incompatible with the AzureRm.Profile module.

I was able to work around this by finding another way to create an access token using the automation connection's certificate, a way that appears to not rely on the 'iphlpapi.dll':

$servicePrincipalConnection = Get-AutomationConnection -Name 'YourAzureAutomationConnectionNameHere'
$tenantId = 'YourTenantIdHere'

$certificate = Get-AutomationCertificate -Name 'YourAutomationConnectionCertificateNameHere'

$authorizationUrl = "https://login.microsoftonline.com/$tenantId"
$resourceUrl = "https://graph.windows.net"

$authenticationContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authorizationUrl, $false)

$assertionCert = new-object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($servicePrincipalConnection.ApplicationId, $certificate)

$accessToken = $authenticationContext.AcquireToken($resourceUrl, $assertionCert).AccessToken

Upvotes: 1
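
The same certificate-based client-credentials request made directly against the token endpoint, without loading ADAL. This is an added example, not part of the answer above. It assumes .NET 4.6 or later in the sandbox, an accessible RSA private key on the certificate asset, and the placeholder asset names and tenant ID used in the answer; the function names `ConvertTo-Base64Url` and `New-ClientAssertion` are hypothetical.

```powershell
# Added example (not from the answer): build the JWT client assertion by hand
# and redeem it at the Azure AD v1 token endpoint, without loading ADAL.
function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function New-ClientAssertion {
    param(
        [Parameter(Mandatory)] [string]$TenantId,
        [Parameter(Mandatory)] [string]$ClientId,
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$LifetimeSeconds = 600   # keep the assertion short-lived
    )
    $utf8 = [System.Text.Encoding]::UTF8
    $now  = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    # x5t = base64url of the certificate's SHA-1 hash; it identifies the registered key.
    $header = @{ alg = 'RS256'; typ = 'JWT'; x5t = (ConvertTo-Base64Url $Certificate.GetCertHash()) }
    $claims = @{
        aud = "https://login.microsoftonline.com/$TenantId/oauth2/token"  # the token endpoint
        iss = $ClientId; sub = $ClientId
        jti = [guid]::NewGuid().ToString()                                # unique per request
        nbf = $now; exp = $now + $LifetimeSeconds
    }
    $h = ConvertTo-Base64Url ($utf8.GetBytes(($header | ConvertTo-Json -Compress)))
    $c = ConvertTo-Base64Url ($utf8.GetBytes(($claims | ConvertTo-Json -Compress)))
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    if (-not $rsa) { throw 'Certificate has no accessible RSA private key.' }
    $sig = $rsa.SignData($utf8.GetBytes("$h.$c"),
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    "$h.$c." + (ConvertTo-Base64Url $sig)
}

# Placeholder asset names and tenant ID, as in the answer above.
$conn     = Get-AutomationConnection -Name 'YourAzureAutomationConnectionNameHere'
$cert     = Get-AutomationCertificate -Name 'YourAutomationConnectionCertificateNameHere'
$tenantId = 'YourTenantIdHere'
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
$body = @{
    grant_type            = 'client_credentials'
    client_id             = $conn.ApplicationId
    client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    client_assertion      = New-ClientAssertion -TenantId $tenantId -ClientId $conn.ApplicationId -Certificate $cert
    resource              = 'https://graph.windows.net'
}
$token = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" -Body $body
# Keep the token out of the output stream: runbook job output is stored with the job.
$headers = @{ Authorization = "Bearer $($token.access_token)" }
```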

Joe

Reputation: 2540

You don't need to do this to call the Azure API from Azure Automation. You can use the Azure PowerShell cmdlets for this, which ship out of the box in Azure Automation and handle authentication for you. Please see https://azure.microsoft.com/en-us/documentation/articles/automation-configuring/ for more info.

Upvotes: 0

Kanishk Panwar

Reputation: 1105

From the error it seems that your automation is unable to find the entry point in your test class itself.

Upvotes: 0
