I am using the below command,
$SQLServerPSCred = Get-Credential
to get the credential object.
How can I get the Creds object without the Prompt?
I have tried below code, but it is failing.
$SQLServerPSCred = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $Password
You haven't included much information about what your actual problem with the code is. it's correct that you're prompted with your first example. As you explicitly tell it to ask you.
With your second example it's incomplete.
PowerShell – How to create a PSCredential object by koteshblog has an example on how to do it:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)
As you can see you first need to convert the password into a SecureString which you can pass to the credential object. It also shows a slightly different syntax but that shouldn't matter.
Depending on what you're doing and where that script resides it can also be worth it to look into some form of "more secure" storage for your secrets. As it is everyone who would have access to the script could extract the username and password from it.
One option is to store the secure string. But keep in mind a secure string is somewhat tied to the users. So You won't be able to easily just pass along a text file that contains the password.
For an example on how to do that check Powershell Tip – Storing and Using Password Credentials by robcost. It's a basic solutions there might be better ones available depending on your needs.
Related
Can someone help me how i can update an authentication data entry using wsadmin without logging into was console as i have too many data sources and doing them manually is a time taking procedure. Below is the far that i can get to. Not sure how to use the arguments. Thanks for your help in advance.
wsadmin>$AdminTask help modifyAuthDataEntry
WASX8006I: Detailed help for command: modifyAuthDataEntry
Description: Modify an authentication data entry
Target object: None
Arguments:
securityDomainName - Name used to uniquely identify the security domain.
*alias - The alias of the auth data.
user - The username of the auth data.
password - The password of the auth data.
description - The description of the auth data.
Steps:
None
wsadmin>
Modify authData with:
AdminTask.modifyAuthDataEntry('[-alias myAlias -user myUser -password myPassword -description "my alias description" ]')
In general, to learn the wsadmin command for a given Admin Console operation which you know how to perform, you can use the command assistance function to capture the equivalent last wsadmin scripting command.
In the SolarWinds user interface, there is a button you can click within a switch or interface view to "Poll Now", instead of waiting for the regularly scheduled poll. I have been trying to figure out a way to recreate this functionality using the SolarWinds API. I've looked through this page, and it seems like I will need to use either the 'invoke' or 'update' operations, but there is almost no information on the actual usage. I have also tried examining the Javascript in the user interface, and can't make heads or tails of it.
I'm wondering if someone can point me towards some useful documentation as to what operations are actually available in the API (the 'invoke' operation requires you to give a 'verb' as an argument, but I can't find any kind of list or documentation as to what verbs are available). Does anyone know of any resources?
If you look at Orion.Nodes SWIS Entity you can see in the bottom "PollNow" SWIS Verb. Unfortunatelly it is not so well documented what parameters it actually has (it can be seen in SWQL Studio though). But you should be able to do it this way using Powershell:
$orionHost = "<hostname where orion is installed>"
$orionUsername = "Admin" # fill login username to orion
$orionPassword = "Pass" # fill login password to orion, this example counts that this is not empty string
$nodeIdToPoll = 1; # put id of the node
$Entity = "Orion.Nodes"
$Verb = "PollNow"
$Data = #($nodeIdToPoll)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$credentials = new-object PSCredential ($orionUsername , (ConvertTo-SecureString $orionPassword -AsPlainText -Force))
Invoke-RestMethod "https://$($orionHost):17778/SolarWinds/InformationService/v3/Json/Invoke/$Entity/$Verb" `
-Method POST `
-Body (ConvertTo-Json -InputObject $Data) `
-Credential $credentials `
-ContentType "application/json"
I am not looking for a solution that involves the user, a token generated, and emailing in order to reset a user's password.
The scenario is a user contacts the admins and asks them to reset their password (internal organization web app). They are then told what that new temporary password is so they can log in and change it.
I see no function that lets me do the above. My attempt:
string passwordToken = await UM.GeneratePasswordResetTokenAsync(user.Id);
IdentityResult res = await UM.ResetPasswordAsync(user.Id, passwordToken, "newPassword##!$%");
UM is UserManager.
I get error "No IUserTokenProvider is registered". I think GeneratePasswordResetToken is the one causing the error. If so, why?
How do I properly do what I need?
Use the combination of RemovePasswordAsync and AddPasswordAsync
UserManager.RemovePasswordAsync(user.Id);
UserManager.AddPasswordAsync(user.Id, tempPassword);
I wish to check content of one database on server where I'm able to log into by means of Windows Authentication. Sounds really simple and many examples are provided over the Internet.
I tried few examples and each fails on my machine. I suspect, that there might be problem during credentials conversion.
My code (shortened) is as follows:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SMO")
$User=[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$credentials = Get-Credential $saUser | Select-Object *
$Pwd = $credentials.Password | ConvertFrom-SecureString
$targetConn = New-Object ('Microsoft.SqlServer.Management.Common.ServerConnection') ('myServer', $User, $Pwd)
$targetServer = New-Object ('Microsoft.SqlServer.Management.Smo.Server') $targetConn
till now there's no error message.
When I type $targetServer, I don't see any objects listed (no Databases as well).
When I tried to check $targetServer.Databases, I received:
The following exception was thrown when trying to enumerate the collection: "Failed to connect to server mmyServer."
ConvertFrom-SecureString converts a secure string into an "encrypted standard string" (a hash, which is intended to store the encrypted string in text format). So, you're providing a password hash ($Pwd) as the password argument when creating the $targetConn object, which is invalid.
You can get the plaintext password from the PSCredential object $credentials this way:
$Pwd = $credentials.GetNetworkCredential().Password
However, according to the documentation for the contructors for the ServerConnection class, you can also provide a secure string as the password argument. So it should work if you simply leave out the | ConvertFrom-SecureString, i.e.
$Pwd = $credentials.Password
That's probably a better idea, since it's a little more secure. If you use the first method to get the plaintext password, there's a possibility that the RAM location that stores the $Pwd variable will be paged out while the script is running, resulting in the plaintext password being written to the disk.
Using Apache mod_auth_basic and mod_authn_dbd you can authenticate a user by looking up that user's password in the database. I see that working if the password is held in clear, but what if we use a random string as a salt (also stored in the database) then store the hash of the concatenation?
mod_authn_dbd requires you to specify a query to select that password not to decide if the user is authenticated of not. So you cannot use that query to concatenate the user provided password with the salt then compare with the stored hash.
AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s"
Is there a way to make this work?
Looking at the Password Formats for Basic Auth it seemed that I could make this work if the hash is done using the apr_md5_encode function.
Found another question that relates to this and links to a Java implementation. I used that implementation with a small change to calculate the database hash inside my website normal user-creation flow. After this i could use mod_authn_dbd with this query:
AuthDBDUserRealmQuery "SELECT CONCAT('$apr1$',password_salt,'$',password_hash) FROM users WHERE user = %s AND realm = %s"