I’ve trying to logon to a Gemini website using PowerShell but so far I’ve not been able to figure out how to use the commands in the documentation .
https://docs.countersoft.com/api-authentication-methods/
I’ve tried changing this…
var geminiUrl = "http://localhost/gemini/api/type/55";
var geminiUsername = Base64("user:"+ Base64(md5("password"))); // user:password
$.ajax({
url: geminiUrl,
type: "GET",
headers: { "Authorization": "Basic " + geminiUsername },
success: function (data) {
alert('Success!');
}
});
To this, see below, but not getting anywhere.
$Url = "https://ops.ourweb.com/api/type/55"
$user = "joebloggs"
$pass = "Passw0rd1"
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secpasswd)
Invoke-RestMethod -Uri $Url -Method "Get" -Credential $cred -ContentType "application/json"
Your PowerShell does not match the JavaScript functionality.
ConvertTo-SecureString is not the same thing as Base64(“user:”+ Base64(md5(“password”)));
And -Credential on the invoke-RestMethod is using windows authentication, which is not what the API is expected. It is expecting the Base64 encoded username and MD5 password hash to be passed in the Authorization header value. You would need to mimic this in PowerShell
You could use the Get-StringHash function to generate the MD5 hash (Browse code samples | Microsoft Docs)
IE something like this to build the authentication string:
#Get-StringHash function from https://gallery.technet.microsoft.com/scriptcenter/Get-StringHash-aa843f71#
Function Get-StringHash([String] $String,$HashName = "MD5")
{
$StringBuilder = New-Object System.Text.StringBuilder
[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|
ForEach-Object {
[Void]$StringBuilder.Append($_.ToString("x2"))
}
$StringBuilder.ToString()
}
$encodedpass = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((Get-StringHash -String "[password goes here]")))
$geminiUsername = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("<user>:$encodedpass"))
Then when you do your Invoke-RestMethod call, you need to pass it as a header value using -header, not a credential using -credential
Thanks Curtis.
I gave that a try but got an error:
Cannot bind parameter 'Headers'. Cannot convert the
"ZWJzaVxpYmFybmV0c29uOk56WXdabVZrWlRWbE1HRTVZelUxTmpoa01tRTNaakJtTWpNNU5HUXdaakU9" value of type "System.String" to type "System.Collections.IDictionary"
This is what I ran
Function Get-StringHash([String] $String,$HashName = "MD5")
{
$StringBuilder = New-Object System.Text.StringBuilder
[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|
ForEach-Object {
[Void]$StringBuilder.Append($_.ToString("x2"))
}
$StringBuilder.ToString()
}
$encodedpass = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((Get-StringHash -String "Password!")))
$geminiUsername = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("mydomain\myusername:$encodedpass"))
$Url = "https://ops.domain.com/api/type/55"
Invoke-RestMethod -Uri $Url -Method Post -Header $geminiUsername -ContentType "application/json"
I also tried without the "mydomain\myusername", same error returned.
You are not using -header correctly
the value of header is expected to be a dictionary, not a string