Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Invoke-WebRequest should directly support Basic authentication
See original GitHub issueWe are working with more and more “Linux” based servers where we get instructions to run curl to say get back content for a .npmrc file from a product called Artifactory. This product uses Basic auth to accept credentials.
The instructions they give are:
curl -u<USERNAME>:<PASSWORD> http://artifactory.it.keysight.com:8081/artifactory/api/npm/auth
To get this to work in PowerShell using Invoke-WebRequest, this is the best I could come up with:
$userpassB64 = [byte[]][char[]]"hillr:OpenSesame" | ConvertTo-Base64 -NoLineBreak
$res = Invoke-WebRequest http://artifactory.my.company.com:8081/artifactory/api/npm/auth `
-Headers @{Authorization = "Basic $userpassB64"}
First, ConvertTo-Base64 is a PSCX command (we really need B64 encode/decode in PS Core). Second, Basic auth should be built-in like it is in CURL.
This what I’d like to see from Invoke-WebRequest:
$res = Invoke-WebRequest http://artifactory.my.company.com:8081/artifactory/api/npm/auth `
-UseBasicAuth -Credential (Get-Credential)
This -UseBasicAuth switch should also support the -UseDefaultCredentials parameter. However the trick is whether or not to include the Domain\ in the username field. That option, when coupled with -UseBasicAuth “probably” should not include the domain. In our scenario, Artifactory will fail to authenticate if the domain is specified. Either way, the user can always fall back to explicitly providing the username with -Credential (Get-Credential).
FYI, the curl docs on -u:
-u, --user user:password Specify the user name and password to use for server authentication. Overrides -n, --netrc and --netrc-optional. If you simply specify the user name, curl will prompt for a password. The user name and passwords are split up on the first colon, which makes it impossible to use a colon in the user name with this option. The password can, still. When using Kerberos V5 with a Windows based server you should include the Windows domain name in the user name, in order for the server to successfully obtain a Kerberos Ticket. If you don’t then the initial authentication handshake may fail. When using NTLM, the user name can be specified simply as the user name, without the domain, if there is a single domain and forest in your setup for example. To specify the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLE\user and user@example.com respectively. If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, Negotiate, NTLM or Digest authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: “-u :”. If this option is used several times, the last one will be used.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:24
- Comments:45 (30 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
My two cents:
I don’t think accepting a PSCredential
-Tokenparameter where we only really need the password property makes sense.[SecureString]makes more sense to me as that is the only part we care about. If the user already has the token in a credential object, they can just pass in the securestring password with:Here are a couple of scenarios that I think
Invoke-RestMethodandInvoke-WebRequestshould support:I’m ok without the prompting. Thanks for working on this!