How to add MFA to an Invoke-WebRequest script


I am somewhat new to PowerShell and am posting to hopefully get some guidance on adding MFA to a script to allow me to access a webpage to check against text content in order to set up monitoring for the site (HTTP content monitor). The site is using 2FA, where the second factor is the answer to a question. I took a look at the Invoke-WebRequest MS docs and searched quite a bit on adding MFA to the script but was not able to find anything. There seem to be plenty of articles for Office 360, Exchange, SP, and Azure and leveraging their modules that support MFA.

If anyone has any insight or direction that they could provide me I would greatly appreciate it.

There’s no built-in mechanism for doing so. From what you’re describing, the existing process happens entirely within the browser, which means you’d basically have to code that process. You’d need to use the ancient, unsupported Internet Explorer COM object to manipulate the page, insert information, click buttons, etc. You’re basically writing a web browser. It will be painful and unsatisfying.

Those other modules work because those products explicitly provide an API for authentication - you’re not just poking a web page.

Don - Thank you for the response. Seems like this is going to be a lot of work. I am going to continue looking for other potential solutions. Our existing monitoring tool only supports basic authentication, so that is why I am on this journey to find a way to monitor my site. If I find anything that works or is useful I will add it to the post.

You really want something that exposes an API. That way, you can query it. APIs usually have clear and understandable authentication mechanisms.

Basic authentication - e.g., basic HTTP authentication, versus just typing something into a web page - you can do with Invoke-WebRequest. It’s just a header you add to the request. That said, hand-crafting request headers isn’t for the faint of heart, and it isn’t really a unique-to-PowerShell thing.

Something supporting a REST API would be easiest.
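
Added example, not part of the original thread: a minimal content monitor that sends HTTP Basic authentication as a request header with Invoke-WebRequest, as described in the reply above. The function name `Test-SiteContent`, the URL and the expected text are assumptions for illustration, and the check covers Basic authentication only, not the question-based second factor.

```powershell
# Added example: HTTP content monitor using Basic authentication.
# Test-SiteContent, the URL and the expected text are hypothetical placeholders.
function Test-SiteContent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri] $Uri,
        [Parameter(Mandatory)] [string] $ExpectedText,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [int] $TimeoutSec = 30
    )

    # Basic credentials are only base64-encoded, not encrypted, so refuse plain HTTP.
    if ($Uri.Scheme -ne 'https') {
        throw "Refusing to send Basic credentials over '$($Uri.Scheme)'; use https."
    }

    # Header format: Authorization: Basic base64("user:password")
    $pair    = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $token   = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
    $headers = @{ Authorization = "Basic $token" }

    $result = [ordered]@{ Uri = $Uri; StatusCode = $null; ContentMatch = $false; Error = $null }
    try {
        $response = Invoke-WebRequest -Uri $Uri -Headers $headers -UseBasicParsing `
                                      -TimeoutSec $TimeoutSec -ErrorAction Stop
        $result.StatusCode   = [int]$response.StatusCode
        # Literal substring match; avoids wildcard surprises from -like.
        $result.ContentMatch = $response.Content.Contains($ExpectedText)
    }
    catch {
        # 401/403, timeouts and TLS failures all land here; report, don't crash the monitor.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

# Interactive usage; a scheduled monitor would load the credential from a secret store instead.
$cred  = Get-Credential
$check = Test-SiteContent -Uri 'https://monitor.example.com/status' `
                          -ExpectedText 'All systems operational' -Credential $cred
if (-not $check.ContentMatch) {
    Write-Warning "Content check failed: status=$($check.StatusCode) error=$($check.Error)"
}
```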