I'm relatively new to Powershell so really not sure where to go with this issue now. I am trying to download a file from a subversion repository and am getting the (401) Unauthorized" error. I am able to log into the site and download the file using IE using the exact Same credentials on the same machine.
$source = "http://repository/folder/File.exe"
$destination = "E:\Temp\File.exe"
$wc = New-Object System.Net.WebClient
$user="user"
$pwd=convertto-securestring -string "password" -AsPlainText -force
$creds=New-Object System.Management.Automation.PSCredential -ArgumentList $user, $pwd
$wc.Credentials = New-Object System.Net.NetworkCredential ($user, $Creds.GetNetworkCredential().Password,"DOMAIN")
$download=$wc.DownloadFile($source, "$destination")
Exception calling "DownloadFile" with "2" argument(s): "The remote server returned an error: (401) Unauthorized."
Any ideas if this is cross platform issue? And how to get around this?
Thanks
Are you using basic auth on your iis/apache? If so try this:
$source = "http://repository/folder/File.exe"
$destination = "E:\Temp\File.exe"
$wc = new-object System.Net.WebClient
$credCache = new-object System.Net.CredentialCache
$creds = new-object System.Net.NetworkCredential($user,$pwd)
$credCache.Add($source, "Basic", $creds)
$wc.Credentials = $credCache
$wc.DownloadFile($source, $destination)
Related
We have many servers with a ASP.Net application installed. I'm trying to figure out a automatic way to connect to the sql server using Powershell.
They use a domain account to run the app pool. I have the code below to get the connection string from the app and the app pool identity to try to open a connection to sql.
However, when I run it in powershell, the sql login fails for, Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. I don't understand why. I confirmed the ASP.Net Application is using the App Pool Identity in SQL via sp_who2.
Output confirms that the invoke-command is using the App Pool Identity. I can't change the connectionstring per business policies. I want to only use .Net to connect to SQL because I know .Net framework 4.8 will be on all machines I use to run it.
I removed the code for getting the connection string and app pool identity from the sample below in hopes to allow more people to troubleshoot.
Just update the username, password, and server name below and try it out
$username = 'MyUsername'
$password = 'MyPassword'
$ConnStr = 'Data Source=MyServer;Trusted_Connection=yes;'
$query = 'Select system_user, ##servername DBHostName,(SELECT login_time FROM sys.sysprocesses where spid=1)SQLUptime, ##version SQLVersion;'
$SQLPoshCmds = {
$env:USERNAME
$args[0]
try{
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = $args[0]
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $args[1]
$SqlCmd.Connection = $SqlConnection
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$SqlConnection.open()
$DataSet = New-Object System.Data.DataSet
$SqlAdapter.Fill($DataSet)
$DataSet.Tables|fl
}
Catch{
$_
# write "`r`n$($_.Exception)"
# write $_.ScriptStackTrace
# write $_.ErrorDetails
}
Finally{
$SqlConnection.Close()
$SqlConnection.Dispose()
}
}
if($ConnStr.Contains('Trusted_Connection=yes;')){
invoke-command -ArgumentList $ConnStr,$query -ComputerName '.' -ScriptBlock $SQLPoshCmds -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,(ConvertTo-SecureString -AsPlainText $password -Force))
}else{
invoke-command -NoNewScope -ScriptBlock $SQLPoshCmds
}
I'm trying to connect to SQL server via PowerShell using the below (I'm new to this). I always get the error "login failed" when I use secure password (from Get-Credential or password stored in file). But if I pass the password as plaintext instead of secure string, it connects successfully. Could any one please suggest a method to pass secure password, ideally stored in an external file.
The code I ran and the error is below:
$cred = Get-Credential
$pwd = $cred.Password
$uid = $cred.UserName
$SQLServer = "."
$SQLDBName = "TestDB"
#Initialize connection string
$connString = "Data Source=$SQLServer;Database=$SQLDBName;User ID=$uid;Password=$pwd"
#Create a SQL connection object
$conn = New-Object System.Data.SqlClient.SqlConnection $connString
#Attempt to open the connection
$conn.Open()
if($conn.State -eq "Open")
{
# We have a successful connection here
# Notify of successful connection
Write-Host "Test connection successful"
$conn.Close()
}
Exception calling "Open" with "0" argument(s): "Login failed for user 'TestUser'."
At line:18 char:1
+ $conn.Open()
+ ~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SqlException
Further details of error from SQL server:
Login failed for user 'TestUser'. Reason: Password did not match that for the login provided. [CLIENT: <local machine>]
Change this
$pwd = $cred.Password
to this
$pwd = $cred.GetNetworkCredential().Password
However, I would advise against storing a plain text password in memory like this. Your method requires it to--at best--be passed as a parameter in plain text, so you need a better method.
Try using this sqlserver module which supports the -Credential parameter in the Invoke-Sqlcmd function.
I was able to pass secure string as password by adding Integrated Security = True; parameter in connection string.
Thank you.
I'm trying to call a WCF service from PowerShell.
This is what I have so far based on a few misc example I found on the web:
# Create the WebSvcURL variable and pass the WSDL URL
$WebSvcURL= “http://localhost/DEMO/SetPassKey/SetPassKey_Logic_SetPassKeyWebService_SetPassKeyWCF.svc?wsdl“
#Create the Web Service Proxy Object
#$serviceProxy = New-WebServiceProxy -Uri $WebSvcURL -Namespace "http://Sample.SetPassKey.Logic" -Class Program -UseDefaultCredential
$serviceProxy = New-WebServiceProxy -Uri $WebSvcURL -UseDefaultCredential
# Create Request Object
$namespace = $serviceProxy.getType().namespace
write-host "Namespace=$namespace"
$req = New-Object ($namespace + "/SetPassKeyOrchWebRequest")
$resp = New-Object ($namespace + "/SetPassKeyOrchWebResponse")
$req.NewPassKey = "TEST" # <--- PUT YOUR NEW PASSWORD HERE
$resp = $serviceProxy.SetPassKey($req)
$resp
I'm confused on a few things:
If and when I need to include the -Namespace and -Class parameters on the. Since it looks at the WSDL, I don't understand why it needs the -Namespace and -Class.
How to construct the request/response objects
Should the URL be the actual URL of the web service or should it include the ?wsdl suffix
UPDATE:
I found this blog which states:
The -Namespace parameter is optional and when not
specified then it gets a random value from the cmdlet.
I was thinking it was an XML Namespace, but it's a .NET framework namespace.
# Create the WebSvcURL variable and pass the WSDL URL
$WebSvcURL= “http://localhost/DEMO/SetPassKey/SetPassKey_Logic_SetPassKeyWebService_SetPassKeyWCF.svc?wsdl“
#Create the Web Service Proxy Object
$serviceProxy = New-WebServiceProxy -Uri $WebSvcURL -UseDefaultCredential -Namespace "MyNamespace" -Class Program
# Create Request Object
$req = New-Object ("MyNamespace.SetPassKeyOrchWebRequest")
$resp = New-Object ("MyNamespace.SetPassKeyOrchWebResponse")
$req.NewPassKey = "TEST" # <--- PUT YOUR NEW PASSWORD HERE
$resp = $serviceProxy.SetPassKey($req)
$resp
Now I get this error:
Exception calling "SetPassKey" with "1" argument(s): "The underlying connection was closed: An unexpected error occurred on a
receive."
The webservice can be called by a C# console program, so I know it works. Just need to call it from PowerShell.
I tried some things, and finally got it to work.
I did change my binding from WCF-WSHttp to WCF-BasicHttp.
I also followed this post, which said they only got it working by using the auto-generated namespace.
One of my issues originally was using "/" instead of "." as the separator between the namespace and the web request/response class names.
I'm still confused by the -namespace and -class parameters, as the post above said it only got the process working by using the autogenerated namespace (which happens when you omit the -namespace parm).
My code ended up something like this:
# Create the WebSvcURL variable and pass the WSDL URL
$WebSvcURL= “http://localhost/DEMO/SetPassKey/SetPassKey_Logic_SetPassKeyWebService_SetPassKeyWCF.svc?wsdl“
#Create the Web Service Proxy Object
$serviceProxy = New-WebServiceProxy -Uri $WebSvcURL -UseDefaultCredential
$autoGenNamespace = $serviceProxy.getType().namespace
write-host "Namespace=$namespace"
$req = New-Object ($autoGenNamespace + ".SetPassKeyOrchWebRequest")
$resp = New-Object ($autoGenNamespace + ".SetPassKeyOrchWebResponse")
$req.NewPassKey = "TEST" # <--- PUT YOUR NEW PASSWORD HERE
$req.NewPassKey = "TEST" # <--- PUT YOUR NEW PASSWORD HERE
Write-Host "Request:"
Write-Host ($req | Format-Table | Out-String)
Write-Host "About to call WebService"
$resp = $serviceProxy.SetPassKey($req)
Write-Host "Response:"
Write-Host ($resp | Format-Table | Out-String)
NOTE: Just putting the variable name without the write-host statement was causing things to come out in a different sequence. The FormatTable was still truncating some fields, so I will list each return string in my $resp separately.
Does anyone know how to pass Get-Credentials to a SQL login using powershell?
I have tried many different ways but no success.
This needs to run in winpe - i can get the credentials using Get-Credential but i need to use those to connect to SQL DB - i keep getting.
Login failed for 'NT AUTHORITY\ANONYMOUS LOGIN' The below code works fine in Windows - I am logged on as the user though so it must not be passing the credentials. if i remove the trusted_connection=true; i get the failed login and this is the best test for WINPE as no one is logged on. Is there a way to pass those Get-Credentials to SQL?
Either that or the same code does not work in WINPE - not sure why though?
$Cred = Get-Credential
Function SQL_CONNECT ($Query){
$ConnectionString = "server=VM855;database=LDMS2016;user id=$Cred.Username;password=$Cred.Password;trusted_connection=true;"
$SqlConnection = New-Object System.Data.SQLClient.SQLConnection($ConnectionString)
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.Connection = $SqlConnection
$SqlCmd.CommandText = $Query
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
$a = $SqlAdapter.Fill($DataSet)
$SqlConnection.Close()
$DataSet.Tables[0]
}
$Owners = SQL_CONNECT "Select Task_Name, Task_owner, first_action_query_date from PROV_HISTORY_TASK" | Select-Object Task_Owner, first_action_query_date
$Owners
SQL connections use either:
Windows Authentication ("Trusted_Connection=True")
or
SQL Authentication ("User Id=myUsername;Password=myPassword;")
You cannot have both "Trusted_Connection" and "User ID/Password", you have to pick one.
In order to use Windows Authentication, the PowerShell process must be running as the user that has access to the database. i.e. you have to launch the PowerShell process as impersonating that user, and run your code.
Rough example will look something like this:
# Get the other user's credentials
$credential = Get-Credential
# Execute a scriptblock as another user
$commands = #'
#....code....
$ConnectionString = "server=VM855;database=LDMS2016;trusted_connection=true;"
#.....etc....
'#
Start-Process -FilePath Powershell.exe -LoadUserProfile -Credential $credential -ArgumentList '-Command', $commands
Or, the easier method is to just use SQL authentication, and hard code the username/password.
$ConnectionString = "server=VM855;database=LDMS2016;user id=Username;password=Password;"
Or at the very least you will have to use Read-Host to read in the username and password because $Cred.Password returns System.Security.SecureString and not the password in plain text.
For ex.
$Username = Read-Host "User:"
$Password = Read-Host "Password:"
$ConnectionString = "server=VM855;database=LDMS2016;user id=$Username;password=$Password;"
I'm writing a webservice with PowerShell commands where I want to start and stop services on the local computer and also on remote computer.
It's not a problem to start and stop the services on remote computers. I do this with an WmiObject as you can see below.
If I want to start a local service it says that I don't have the permissions.
I can't use an WmiObject with Credentials if I want to start an local service.
What can I do to start the service with admin rights?
My Script (strScriptText):
$username = "domain\administrator"
$pw = convertto-securestring "password" -asplaintext -force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $pw
$computername = "serverAB"
if ( $computername.Contains("serverAB")){(Get-WmiObject -class Win32_Service -filter "name='AppIDSvc'").startservice().returnvalue}
else {(Get-WmiObject -class Win32_Service -ComputerName $computername -Credential $cred -filter "name='AppIDSvc'").startservice().returnvalue}
vb:
runspace = RunspaceFactory.CreateRunspace()
runspace.Open()
pipeline = runspace.CreatePipeline()
pipeline.Commands.AddScript(strScriptText)
pipeline.Commands.Add("Out-String")
Can't you try to use the old .NET method through PowerShell.
# Create an authentication object
$ConOptions = New-Object System.Management.ConnectionOptions
$ConOptions.Username = "dom\jpb"
$ConOptions.Password = "pwd"
$ConOptions.EnablePrivileges = $true
$ConOptions.Impersonation = "Impersonate"
$ConOptions.Authentication = "Default"
# Creation of a rmote or local process
$scope = New-Object System.Management.ManagementScope("\\dom.fr\root\cimV2", $ConOptions)
$ObjectGetOptions = New-Object System.Management.ObjectGetOptions($null,
[System.TimeSpan]::MaxValue, $true)
$proc = New-Object System.Management.ManagementClass($scope,
"\\dom.fr\ROOT\CIMV2:Win32_Process", $ObjectGetOptions)
# Equivalent to :
# $proc = [wmiclass]"\\.\ROOT\CIMV2:Win32_Process"
# $res = $proc.Create("cmd.exe")