[SOLVED]Powershell restful authentication

Posted on
Mon May 26, 2014 6:55 am
howartp offline
Posts: 4559
Joined: Jan 09, 2014
Location: West Yorkshire, UK

[SOLVED]Powershell restful authentication

Hi,

I'm trying to use Powershell to access one or two things via the API.

I'm using

Code: Select all
Invoke-WebRequest -URL $url -credential $MyCred


$url is working fine, and $MyCred is currently fed with Get-Credential.

I don't believe Get-Credential is correct as that is for network/domain user accounts, not free-text Indigo accounts, but the wierd thing is, although this is returning Access Denied (401), the command that $url is sending is activating correctly! My lights are turning on!

To explain what I'm trying to achieve: We have motion sensors turning room lights out after 5 minutes. The motion sensors are correctly identifying general motion in the room including when sat watching TV. But when sat at either PC, because we are reasonably motionless and further away from the sensor, the motion sensor doesn't see us and the lights go out after 5 minutes. I want to combine a script that repeatedly runs on the PC 'When Idle' with fingscan (is PC on?) to determine by inverse logic that the PC is in use. If the PC is on, but the script hasn't run recently, then don't turn off the lights.

Does anyone know a) the correct syntax for authenticating with Indigo in Powershell, and/or b) why Indigo is acting on a command that has returned 'Access Denied'?

Peter

Posted on
Mon May 26, 2014 7:44 am
howartp offline
Posts: 4559
Joined: Jan 09, 2014
Location: West Yorkshire, UK

Re: Powershell restful authentication

Now I'm slightly annoyed.

I've just redone what I thought I'd already done, in order to copy and paste it here, and it is working correctly! :-(

Therefore, here is my Powershell code to access Indigo URLs:
Code: Select all
###
#Set variables
###

$url="http://192.168.3.2:8176/devices/DeviceName?isOn=1&_method=put"
$username = "MyUser"
$password = "MyPass"
$domain = "DOMAIN" #I left this set at default and it is working, so I guess Indigo doesn't use it.

###
#Create a NetworkCredential from the details above
###

$netCred = New-Object System.Net.NetworkCredential($username,$password,$username)

###
#Create a Digest CredentialCache from the NetworkCredential
###

$cacheDigestCred = New-Object System.Net.CredentialCache
$cacheDigestCred.Add($url,"Digest",$netCred)

###
#Create a WebClient, pass it the credentials, and retrieve the URL
###

$webClient = new-object System.Net.WebClient
$webClient.Credentials = $cacheDigestCred
$webPage = $webClient.DownloadString($url)


If you use Basic authentication with the CredentialCache, it will return an error and your request won't be processed.

If you just try passing the $netCred straight to the webclient, or use get-Credential to take input from the command line and pass that straight to the webclient, it will return an error but WILL still execute your request.

If you pass invalid credentials via any of these methods, it doesn't execute them, so it's not a security bug; just annoying that it returns unauthorized yet still executes.

Peter

Posted on
Fri Jun 13, 2014 9:56 pm
mark_anderson_us offline
Posts: 65
Joined: Jun 05, 2014

Re: [SOLVED]Powershell restful authentication

Hi

I'm trying to connect to Indigo with REST using angular.js I really don;t know much about authentication methods, so i don;t quite follow you powershell example, could you elaborate a bit on the authentication method so that I can google the appropriate solution. I'm trying to use the $http service (https://docs.angularjs.org/api/ng/service/$http), but I see nothing about credentials.

Thanks in advance

Mark

Posted on
Sat Jun 14, 2014 1:47 am
howartp offline
Posts: 4559
Joined: Jan 09, 2014
Location: West Yorkshire, UK

Re: [SOLVED]Powershell restful authentication

Hi Mark,

I just had to google AngularJS because I'd never heard of it, despite being into programming in several languages over the years.

I thought I should be able to give you a reasonable stab at the correct AngularJS code myself, but there seem to be lots of people asking on stackoverflow etc about using credentials with angularjs and not getting too much success.

What we are trying to achieve is communicating with the Indigo web service. I am assuming you've enabled security on it; definitely recommended if you're going to allow remote access to your system for monitoring or control.

For a web server running on a PC/Mac/whatever, there are off the top of my head four authentication methods: None, Basic, Digest and Integrated.

None is self-explanatory.
Integrated is used on Windows business networks where IT Administrators allow their internal web servers to be accessed by anyone who has successfully logged into their business PC - ie they are already an authorised authenticated user, so the webserver automatically trusts the user.

Basic and Digest are similar to each other - if you use your browser to access a webserver, the browser will prompt you for login details. However Basic passes the response (username/password) in clear text to the webserver, unencrypted, whereas Digest encrypts it using a hash that is negotiated between the browser and the webserver.

Indigo is compiled using Digest by default, as it is more secure - therefore if you are using a scripting language to talk to it, that language must support Digest authentication. It is possible to switch Indigo to Basic, but it's certainly recommended to try it with Digest first.

In my code above, there are four sections.

First, I define my username and password in code, as string values.

Second, I create a credential object from the username/password strings. I believe this could be passed directly to a Basic-authenticated webserver, but we need it to be Digest.

Third, I create/convert the credential into a credential usable for Digest authentication.

Finally, I create a web request and attach my Digest credential to it:

Code: Select all
$webClient = new-object System.Net.WebClient   #Create $webClient (aka your $http)
$webClient.Credentials = $cacheDigestCred      #Attach digest credential to the $webClient
$webPage = $webClient.DownloadString($url)     #Instruct the $webClient to fetch the $url, which it will do using the credentials we attached to it

This page has a AngularJS question/answer where iwein says:

Code: Select all
You should pass a configuration object, like so
$http.post(url, {withCredentials: true, ...})

or in older versions:
$http({withCredentials: true, ...}).post(...)

It looks like 'withCredentials' is how you tell your code to USE credentials, but I've found no reference as to how you specify what those are.

Hope that helps?

Peter

Posted on
Sat Jun 14, 2014 7:00 am
mark_anderson_us offline
Posts: 65
Joined: Jun 05, 2014

Re: [SOLVED]Powershell restful authentication

Thanks a lot for the explanation Peter

I had found the page on with credential= true, but like you, no mention of how to pass credentails. I'm going to look at a module called restangular and see if that's any better. I didn't see a place to turn auth to basic: just on or off in start seerver dialog. I've turned it off for now (just testing Indigo) and have a new issue with cross domain browsing: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:50441' is therefore not allowed access, so need to solve that first

Thanks again

Mark

Posted on
Sat Jun 14, 2014 12:44 pm
berkinet offline
User avatar
Posts: 3290
Joined: Nov 18, 2008
Location: Berkeley, CA, USA & Mougins, France

Re: [SOLVED]Powershell restful authentication

Can't you call curl from the PowerShell? If so, that might solve your problem.

Posted on
Sat Jun 14, 2014 12:48 pm
mark_anderson_us offline
Posts: 65
Joined: Jun 05, 2014

Re: [SOLVED]Powershell restful authentication

No, I'm writing an HTML client with AngularJS. I will run on Mac, Win, iOS, so I need ti working.

Posted on
Sat Jun 14, 2014 12:57 pm
berkinet offline
User avatar
Posts: 3290
Joined: Nov 18, 2008
Location: Berkeley, CA, USA & Mougins, France

Re: [SOLVED]Powershell restful authentication

Have you seen this blog post http://blog.brunoscopelliti.com/authent ... js-web-app Not sure if it addresses your issue though.

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 1 guest