I wish to check content of one database on server where I'm able to log into by means of Windows Authentication. Sounds really simple and many examples are provided over the Internet.
I tried few examples and each fails on my machine. I suspect, that there might be problem during credentials conversion.
My code (shortened) is as follows:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SMO")
$User=[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$credentials = Get-Credential $saUser | Select-Object *
$Pwd = $credentials.Password | ConvertFrom-SecureString
$targetConn = New-Object ('Microsoft.SqlServer.Management.Common.ServerConnection') ('myServer', $User, $Pwd)
$targetServer = New-Object ('Microsoft.SqlServer.Management.Smo.Server') $targetConn
till now there's no error message.
When I type $targetServer, I don't see any objects listed (no Databases as well).
When I tried to check $targetServer.Databases, I received:
The following exception was thrown when trying to enumerate the collection: "Failed to connect to server mmyServer."
ConvertFrom-SecureString converts a secure string into an "encrypted standard string" (a hash, which is intended to store the encrypted string in text format). So, you're providing a password hash ($Pwd) as the password argument when creating the $targetConn object, which is invalid.
You can get the plaintext password from the PSCredential object $credentials this way:
$Pwd = $credentials.GetNetworkCredential().Password
However, according to the documentation for the contructors for the ServerConnection class, you can also provide a secure string as the password argument. So it should work if you simply leave out the | ConvertFrom-SecureString, i.e.
$Pwd = $credentials.Password
That's probably a better idea, since it's a little more secure. If you use the first method to get the plaintext password, there's a possibility that the RAM location that stores the $Pwd variable will be paged out while the script is running, resulting in the plaintext password being written to the disk.
Related
I am writing a .NET Console application, our goal is keep a message on the queue and read the message. the message header should contain User Name & Password. I try to pass the Message with below code it is not working.
hashTable.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
hashTable.Add(MQC.HOST_NAME_PROPERTY, strServerName);
hashTable.Add(MQC.CHANNEL_PROPERTY, strChannelName);
hashTable.Add(MQC.PORT_PROPERTY, 1414);
hashTable.Add(MQC.USER_ID_PROPERTY, "XXXXXX");
hashTable.Add(MQC.PASSWORD_PROPERTY, "XXXXXX");
hashTable.Add(MQC.USE_MQCSP_AUTHENTICATION_PROPERTY, true);
queueManager = new MQQueueManager(strQueueManagerName,hashTable);
queue = queueManager.AccessQueue(requestQueue, MQC.MQOO_OUTPUT + MQC.MQOO_FAIL_IF_QUIESCING);
requestMessage = new MQMessage();
requestMessage.WriteString(StrAPICMessage);
requestMessage.Format = MQC.MQFMT_STRING;
requestMessage.MessageType = MQC.MQMT_REQUEST;
requestMessage.Report = MQC.MQRO_COPY_MSG_ID_TO_CORREL_ID;
requestMessage.ReplyToQueueName = responseQueue;
requestMessage.ReplyToQueueManagerName = strQueueManagerName;
queuePutMessageOptions = new MQPutMessageOptions();
queue.Put(requestMessage, queuePutMessageOptions);
In the Message Descriptor it is taking the default value mentioned MQ Server. it is not takeing my UserName "XXXXX"
I have tried using the CSICS Bridge header also unable to send the message with my application Service account + Password.
help me on this scenario.
See "MQCSP authentication mode" here: https://www.ibm.com/docs/en/ibm-mq/latest?topic=authentication-connection-java-client
It says:
In this mode, the client-side user ID is sent as well as the user ID and password to be authenticated, so you are able to use ADOPTCTX(NO). The user ID and password are available to a server-connection security exit in the MQCSP structure that is provided in the MQCXP structure.
"client-side user ID" means the UserId that the application is running under. Therefore, if you are authenticating with a different UserId than the one that the application is running under.
Therefore, you (or your MQAdmin) will need to change ADOPTCTX to YES.
Your program works fine for me, when I fill in the correct values for my qmgr connection.
Except for one change I made: instead of TRANSPORT_MQSERIES_CLIENT I used TRANSPORT_MQSERIES_MANAGED. That keeps everything in the managed .Net space.
Without that change, I was actually getting MQRC_UNSUPPORTED_FUNCTION during the connection which typically means either some kind of mismatch between versions of interfaces, or it couldn't find the C dll that underpins the unmanaged environment. And I wasn't going to take time to dig into that further.
Running amqsbcg against the output queue, I see
UserIdentifier : 'mqguest '
which is the id I had set in the USER_ID_PROPERTY.
Am working on anypoint studio 6.6.8 with runtime 3.9.4EE.
I have the following mssql generic database connection string.
jdbc:sqlserver://ABC.org:59000;databaseName=master;username=nrp;password=*37n%3b#wu;5r:;_1z~(f{1y{j
Test connection gives me the following error:
Test connection failed:
org.mule.module.db.internal.domain.connection.ConnectionCreationException: Cannot get connection for URL jdbc:sqlserver://ABC.org:59000;databaseName=master;username=nrp;password=<<credentials>>;5r:;_1z~(f{1y{j: The connection string contains a badly formed name or value
PS: I have 2 semi colons in password
I have seen similar question raised here earlier a few times, hence my question might look repetitive.
however I tried the following solutions given in the replies. none of them worked. Please let me know if you have any alternate solution.
Enclosing the password in single quotes.
adding \ in front of ;
Enclosing password within double quotes or {}
Am not the admin hence removing ; from password cannot be done.
The connection string is in a format known as JAVA JDBC URL. It is similar to a normal URL. Many characters are not allowed in URLs and have to be encoded with the URL encoding method. Try using URL encoding for the entire URL. You can do it with most languages or online pages, though you might want to avoid public pages for sensitive information like passwords.
Example in Groovy: https://stackoverflow.com/a/10187493/721855.
Example in Python: https://stackoverflow.com/a/5607708/721855.
Thank you #aled
So the {} did work. I was doing it the wrong way.
I was encrypting the password & later concatenating {} to the decrypted password right b4 passing the connection string.
What worked was that I enclosed the password in {} first & then encrypted it.
I am using the below command,
$SQLServerPSCred = Get-Credential
to get the credential object.
How can I get the Creds object without the Prompt?
I have tried below code, but it is failing.
$SQLServerPSCred = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $Password
You haven't included much information about what your actual problem with the code is. it's correct that you're prompted with your first example. As you explicitly tell it to ask you.
With your second example it's incomplete.
PowerShell – How to create a PSCredential object by koteshblog has an example on how to do it:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)
As you can see you first need to convert the password into a SecureString which you can pass to the credential object. It also shows a slightly different syntax but that shouldn't matter.
Depending on what you're doing and where that script resides it can also be worth it to look into some form of "more secure" storage for your secrets. As it is everyone who would have access to the script could extract the username and password from it.
One option is to store the secure string. But keep in mind a secure string is somewhat tied to the users. So You won't be able to easily just pass along a text file that contains the password.
For an example on how to do that check Powershell Tip – Storing and Using Password Credentials by robcost. It's a basic solutions there might be better ones available depending on your needs.
I have looked at various solutions and am familiar with using the \ as an escape character. Im in a situation where I need to pass credentials over pyodbc and in making my connection string I need to pass credentials, unfortunately my username is in the format domain\username . I am continually getting errors because the literal string passed to SQL server is domain\username. I have seen a similar question on here trying to figure this out for url requests. I tried implementing it and I end up with the same error once the actual credentials are decoded. I've tried all kinds of string and raw string tricks best I can get is either '\ ' (with space behind it) or '\\' being literally passed to SQL Server. Any ideas?
#username and password is an argument passed from the console, lets just focus on username issue
username = bytes(sys.argv, 'utf8')
credentials = base64.b64encode(usename, altchars = bytes('\ ', 'utf8') )
cnxnstrng = f'''Driver={SQL Server};
Server=server;
Database=database};
UID={base64.b64decode(credentials)};
PWD=password'''
I am developing a routine that imports data from a 3rd party SFTP server. This server uses WinSCP to create the SFTP Connection and uses a SSH Private Key for the connection rather than a username and password. So I create my connection as below in a script task:
SessionOptions sessionOptions = new SessionOptions
{
Protocol = Protocol.Sftp,
HostName = ftpSite,
UserName = username,
Password = password,
SshHostKeyFingerprint = sshKey,
SshPrivateKeyPassphrase = "mypassword",
SshPrivateKeyPath = #"C:\path\to\private.ppk"
};
I'm happy enough storing the Private Key Path in a database table (which contains my connectoin settings) but I want to store the SshPrivateKeyPassphrase somehwere that is encrypted. I was initially thinking can I create an Encrypted Variable, so if you look at the xml of the package, it won't expose the password directly, but I can reference the variable in code to pass the password to the connection.
I was also looking at creating a dummy Connection and see if I can refer to the connection and get the password in the code, but it seems a bit of a fudge.
The solution the package is in is passworded, i'm just trying to cover all bases, so if someone gets access to the package who shouldn't, they won't get the private key passphrase as that would cause us all sorts of issues.