Understanding Azure Deployment Credentials

  • Article

When you log into Microsoft Azure you are logging in with a Microsoft Account.  This account lets you add, modify, and remove resources within your Azure subscription.  Some Azure resources such as Websites and Mobile Services require a separate deployment credential to publish code.  This separate deployment credential can be confusing and I wanted to document a few key points: 

  1. The username you choose for the deployment credential must be unique across all Azure subscribers. 
  2. The deployment credential you create is tied to your Microsoft account and is the same credential for all Azure resources which require a deployment credential. 
  3. You do not want to share your deployment credential.  Again, this credential has access to publish code to all Websites and Mobile Services that your Microsoft account can administer

Having a single deployment credential that is tied to your Microsoft account makes it very easy to deploy code without having to manage user names and passwords for every Azure resource. However, there are times you want to enable others to publish to your Azure resources.  Here are a few ways to enable others to deploy to your Azure resources: 

  1. Use the publishing profile: If you are trying to share FTP information for an Azure website, you can download the Publishing Profile.  The .publishsettings file is an XML document with FTP credentials for only that Azure Website. 
  2. Deploy from an external source control repository: Both Azure Websites and Azure Mobile services provide a deployment trigger URL.  This will enable you to deploy from a Visual Studio Online, GitHub, BitBucket, or other external GIT repository. 
  3. Leverage the new user roles in the preview portal: The Azure Preview portal has new role based security for some Azure resources.  Currently this will only work for websites, but you add user with the "Website Contributor" role. 
  4. Add the user as a co-administrator: Adding a user as a co-administrator on your subscription will enable that user to publish to any Azure resource on your subscription. However, they are co-administrator which means they can also add, update, and remove any Azure resource on your subscription.