Enable Remote Desktop Connection for a Role in Azure Cloud Services using Visual Studio

Remote Desktop enables you to access the desktop of a role running in Azure. You can use a Remote Desktop connection to troubleshoot and diagnose problems with your application while it is running.

The publish wizard that Visual Studio provides for cloud services includes an option to enable Remote Desktop during the publishing process, using credentials that you provide. Using this option is suitable when using Visual Studio 2017 version 15.4 and earlier.

With Visual Studio 2017 version 15.5 and later, however, it's recommended that you avoid enabling Remote Desktop through the publish wizard unless you're working only as a single developer. For any situation in which the project might be opened by other developers, you instead enable Remote Desktop through the Azure portal, through PowerShell, or from a release pipeline in a continuous deployment workflow. This recommendation is due to a change in how Visual Studio communicates with Remote Desktop on the cloud service VM, as is explained in this article.

Configure Remote Desktop through Visual Studio 2017 version 15.4 and earlier

When using Visual Studio 2017 version 15.4 and earlier, you can use the Enable Remote Desktop for all roles option in the publish wizard. You can still use the wizard with Visual Studio 2017 version 15.5 and later, but don't use the Remote Desktop option.

  1. In Visual Studio, start the publish wizard by right-clicking your cloud service project in Solution Explorer and choosing Publish.

  2. Sign into your Azure subscription if needed and select Next.

  3. On the Settings page, select Enable Remote Desktop for all roles, then select the Settings... link to open the Remote Desktop Configuration dialog box.

  4. At the bottom of the dialog box, select More Options. This command displays a drop-down list in which you create or choose a certificate so that you can encrypt credentials information when connecting via remote desktop.

    Note

    The certificates that you need for a remote desktop connection are different from the certificates that you use for other Azure operations. The remote access certificate must have a private key.

  5. Select a certificate from the list or choose <Create...>. If creating a new certificate, provide a friendly name for the new certificate when prompted and select OK. The new certificate appears in the drop-down list box.

  6. Provide a user name and a password. You can’t use an existing account. Don’t use "Administrator" as the user name for the new account.

  7. Choose a date on which the account will expire and after which Remote Desktop connections will be blocked.

  8. After you've provided all the required information, select OK. Visual Studio adds the Remote Desktop settings to your project's .cscfg and .csdef files, including the password that's encrypted using the chosen certificate.

  9. Complete any remaining steps using the Next button, then select Publish when you’re ready to publish your cloud service. If you're not ready to publish, select Cancel and answer Yes when prompted to save changes. You can publish your cloud service later with these settings.

Configure Remote Desktop when using Visual Studio 2017 version 15.5 and later

With Visual Studio 2017 version 15.5 and later, you can still use the publish wizard with a cloud service project. You can also use the Enable Remote Desktop for all roles option if you're working only as a single developer.

If you're working as part of a team, you should instead enable remote desktop on the Azure cloud service by using either the Azure portal or PowerShell.

This recommendation is due to a change in how Visual Studio 2017 version 15.5 and later communicates with the cloud service VM. When enabling Remote Desktop through the publish wizard, earlier versions of Visual Studio communicate with the VM through what's called the "RDP plugin." Visual Studio 2017 version 15.5 and later communicates instead using the "RDP extension" that is more secure and more flexible. This change also aligns with the fact that the Azure portal and PowerShell methods to enable Remote Desktop also use the RDP extension.

When Visual Studio communicates with the RDP extension, it transmits a plain text password over TLS. However, the project's configuration files store only an encrypted password, which can be decrypted into plain text only with the local certificate that was originally used to encrypt it.

If you deploy the cloud service project from the same development computer each time, then that local certificate is available. In this case, you can still use the Enable Remote Desktop for all roles option in the publish wizard.

If you or other developers want to deploy the cloud service project from different computers, however, then those other computers won't have the necessary certificate to decrypt the password. As a result, you see the following error message:

Applying remote desktop protocol (RDP) extension.
Certificate with thumbprint [thumbprint] doesn't exist.

You could change the password every time you deploy the cloud service, but that action becomes inconvenient for everyone who needs to use Remote Desktop.

If you're sharing the project with a team, then, it's best to clear the option in the publish wizard and instead enable Remote Desktop directly through the Azure portal or by using PowerShell.
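The certificate dependency described above can be checked before a deployment is attempted. The following is an added example, not code from the original article or from Microsoft: it reads the thumbprint of the Remote Desktop password-encryption certificate from a .cscfg and reports whether that certificate, with its private key, is present on the current machine. The function name `Test-RdpEncryptionCertificate`, the store path `Cert:\CurrentUser\My`, and the sample configuration are assumptions made for illustration.

```powershell
# Added example (not from the original article). The certificate name below is
# the one the RemoteAccess plugin writes to .cscfg; the store path is an assumption.
function Test-RdpEncryptionCertificate {
    param(
        [Parameter(Mandatory = $true)][xml]$ServiceConfiguration,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    $certName = 'Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption'
    # local-name() avoids registering the ServiceConfiguration XML namespace.
    $xpath = "//*[local-name()='Certificate'][@name='$certName']"
    foreach ($node in $ServiceConfiguration.SelectNodes($xpath)) {
        # Strip non-hex characters that copy/paste can leave in a thumbprint.
        $thumbprint = $node.GetAttribute('thumbprint').ToUpperInvariant() -replace '[^0-9A-F]', ''
        $cert = Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $thumbprint } | Select-Object -First 1
        [pscustomobject]@{
            Role          = $node.ParentNode.ParentNode.GetAttribute('name')
            Thumbprint    = $thumbprint
            InStore       = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        }
    }
}

# Constructed sample .cscfg with a placeholder thumbprint (not a real certificate).
[xml]$sample = @'
<ServiceConfiguration serviceName="ExampleService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole1">
    <Instances count="1" />
    <Certificates>
      <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption"
                   thumbprint="0000000000000000000000000000000000000000" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>
'@

$results = @(Test-RdpEncryptionCertificate -ServiceConfiguration $sample)
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.HasPrivateKey }) {
    Write-Warning 'RDP password-encryption certificate (with private key) not found on this machine.'
}
```

To check a real project, pass the project's own .cscfg loaded with `[xml](Get-Content <path>)` instead of the constructed sample. A row with `InStore` or `HasPrivateKey` set to False identifies a machine on which the publish wizard's Remote Desktop option would fail with the error shown above.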

Deploying from a build server with Visual Studio 2017 version 15.5 and later

You can deploy a cloud service project from a build server (for example, with Azure DevOps Services) on which Visual Studio 2017 version 15.5 or later is installed in the build agent. With this arrangement, deployment happens from the same computer on which the encryption certificate is available.

To use the RDP extension from Azure DevOps Services, include the following details in your build pipeline:

  1. Include /p:ForceRDPExtensionOverPlugin=true in your MSBuild arguments to make sure the deployment works with the RDP extension rather than the RDP plugin. For example:

    msbuild AzureCloudService5.ccproj /t:Publish /p:TargetProfile=Cloud /p:DebugType=None
        /p:SkipInvalidConfigurations=true /p:ForceRDPExtensionOverPlugin=true
    
  2. After your build steps, add the Azure Cloud Service Deployment step and set its properties.

  3. After the deployment step, add an Azure PowerShell step, set its Display name property to "Azure Deployment: Enable RDP Extension" (or another suitable name), and select your appropriate Azure subscription.

  4. Set Script Type to "Inline" and paste the code below into the Inline Script field. (You can also create a .ps1 file in your project with this script, set Script Type to "Script File Path", and set Script Path to point to the file.)

    Param(
        [Parameter(Mandatory=$True)]
        [string]$username,
    
        [Parameter(Mandatory=$True)]
        [string]$password,
    
        [Parameter(Mandatory=$True)]
        [string]$serviceName,
    
        [Datetime]$expiry = ($(Get-Date).AddYears(1))
    )
    
    Write-Host "Service Name: $serviceName"
    Write-Host "User Name: $username"
    Write-Host "Expiry: $expiry"
    
    $securepassword = ConvertTo-SecureString -String $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential $username,$securepassword
    
    # Try to remove any existing RDP extension before applying the new one
    try
    {
        $existingRDPExtension = Get-AzureServiceRemoteDesktopExtension -ServiceName $servicename
        if ($null -ne $existingRDPExtension)
        {
            Remove-AzureServiceRemoteDesktopExtension -ServiceName $servicename -UninstallConfiguration
        }
    }
    catch
    {
        # Best-effort cleanup: ignore failures and continue to the Set call below
    }
    
    Set-AzureServiceRemoteDesktopExtension -ServiceName $servicename -Credential $credential -Expiration $expiry -Verbose
    

Connect to an Azure Role by using Remote Desktop

After you publish your cloud service on Azure and have enabled Remote Desktop, you can use Visual Studio Server Explorer to log into the cloud service VM:

  1. In Server Explorer, expand the Azure node, and then expand the node for a cloud service and one of its roles to display a list of instances.

  2. Right-click an instance node and select Connect Using Remote Desktop.

  3. Enter the user name and password that you created previously. You are now logged into your remote session.

Additional resources

How to Configure Cloud Services