How to validate login credentials in PowerShell script

Question

How to validate login credentials in PowerShell script

Prabha 241

I have provided the root url, it is validating the timeout, then it is checking for suburl (login page) and after that validating login credentials using basic auth. How to check whether the login page( rooturl+relativeurl) is logged in successfully or else should throw an error. Do we need to change anything else in the code, please shed some suggestions.

1 answer

Your answer

Answer 1

Rich Matheisen 47,901

Let me ask you a question: does your initial Invoke-WebRequest return a 401 status? If not, if you provide a -Credential value on the initial Invoke-WebRequest does it accept the credential or does it respond with a 401 status?

Line 5 and 8: $authenticationDetails is undefined.
Line 12: missing -ErrorAction STOP
Line 15: if the Invoke-WebRequest is successful you still send "Page is down" to the screen.
Line 15: if the Invoke-WebRequest throws an error, the script aborts.
Line 23 and 25: The seem to be a duplicate (with the exception that line 25 doesn't store the result and uses a timeout)
Line 32: You note an error and say there's a status code but you never provide one.

Consider adding "Set-StrictMode -Version Latest" at the beginning of your script. Correct any problems it complains about.

Prabha 241 Reputation points

2021-10-20T09:43:09.733+00:00

Rich, could you help me in modifying the script.
Rich Matheisen 47,901 Reputation points

2021-10-20T18:17:52.13+00:00
You could try helping yourself! I ran your script and, oh look!

The variable '$authenticationDetails' cannot be retrieved because it has not been set.
At line:6 char:35

$loginPage = "$baseurl$($authenticationDetails.url)" <# it ...

~~~~~~~~~~~~~~~~~~~~~~

CategoryInfo : InvalidOperation: (authenticationDetails:String) [], RuntimeException

FullyQualifiedErrorId : VariableIsUndefined

Did you not see that when you ran your script????

I had previously noted a problem on line 12 in my last reply. That hasn't changed.

Also:

The property 'Response' cannot be found on this object. Verify that the property exists.
At C:\Junk\badcode.ps1:19 char:54

... ttempt failed with $($_.Exception.Response.StatusCode.value__) , retr ...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException

FullyQualifiedErrorId : PropertyNotFoundStrict
Prabha 241 Reputation points

2021-10-20T18:40:47.18+00:00

Thank you, will look.
Prabha 241 Reputation points

2021-10-24T11:03:32.18+00:00

Rich, As per the successful status code of Root url, it has to go to login page that is defined from suburl.json file.After executing attached validatecredentials ps script, got the attached output :

143134-validatecredentials.txt 143097-suburl.txt

MotoX80 36,291

The password needs to be a secure string.

$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
$credential = New-Object –TypeName "System.Management.Automation.PSCredential" –ArgumentList $user, $secpasswd

Rich Matheisen 47,901 Reputation points

2021-10-24T15:10:55.24+00:00

Did you notice that in the TXT file, and in your code sample, that the two "hypens" in the New-Object cmdlet are actually "en-dash" characters?

Oddly, when you paste that code into a PowerShell session they magically turn into hyphens! In a VS Code editor they generate warnings (probably because I have the "unicode-substitutions" extension installed), but the code still runs -- gotta luv "linting"!
MotoX80 36,291 Reputation points

2021-10-24T15:48:51.953+00:00
Interesting. They are 3F's instead of 2D's. I use Notepad++ for txt files. It opens as UTF-8 which I copied into ISE. Visually I can't see a difference in those apps. But I can see the difference below.

"-" | format-hex "–" | format-hex

Blame the web site that Swabha copied the code from.
Prabha 241 Reputation points

2021-10-24T16:37:59.88+00:00

Thank you Rich for notifying and Thank you MotoX80.

If I want to know it is successfully logged in to a login page using credentials, how can we check that.
Rich Matheisen 47,901 Reputation points

2021-10-24T21:38:04.017+00:00

The Invoke-WebRequest will fail. If it's a credential problem you'll probably get 403 status, or a 401. Which one depends on whether the credential are valid or if you simply don't have access to the site.
Prabha 241 Reputation points

2021-10-25T06:01:04.673+00:00

I have got the below output with status - 200. How to know whether I have successfully logged in to a login page. Is there any way to check the user is successfully authenticated after login.
Rich Matheisen 47,901 Reputation points

2021-10-25T15:17:02.147+00:00

Do you understand the meaning of the HTTP status codes? List_of_HTTP_status_codes
MotoX80 36,291 Reputation points

2021-10-25T16:12:07.81+00:00

Is there any way to check the user is successfully authenticated after login.

Make another call to a secured page and see if it works or not. You will likely need to maintain a session.

https://powershellcookbook.com/recipe/vODQ/script-a-web-application-session
Prabha 241 Reputation points

2021-10-25T17:34:06.773+00:00

Yeah I know Rich. After Login page is successful and authenticated with correct username/password, Then it should go to the other suburls under the json file. In my case, if we do not provide correct username / password, it is going to the loop of suburls and provided the status codes which should not go actually.
Prabha 241 Reputation points

2021-10-25T17:59:05.367+00:00

Thank you Motox80. Hence the whole concept of the code is Initially it should check the root url status after startup and then it should login with user name/password with base auth to a login page, then it should go to the other suburls under the json file but it is not checking whether it is successful login or unsuccessful, it is going to the suburl and providing status codes 200 irrespective of it. We need to provide if condition after successful authentication before going to the other suburls.143571-authenticateurl.txt

143563-suburl.txt
MotoX80 36,291 Reputation points

2021-10-25T22:11:05.543+00:00
Well, Rich and myself are at a severe disadvantage here, because we don't know how your web site works and we have no way to run a test to see what it does. So from an HTTP point of view, a 200 indicates a protocol success, but the actual content of the page may contain an error message indicating that it didn't like something.

$var = Invoke-RestMethod @params

In the above call, you will to check $var.Content and look for the text that indicates a success or failure.
Rich Matheisen 47,901 Reputation points

2021-10-26T01:54:46.19+00:00

Each of what you're calling a "sub-url" is really another site. And each site has it's own set of security restrictions. Sites in the same domain (e.g. "A.B") may exist on different machines!

Just because you successfully connect to "A.B" does not imply that you'll be able to connect to "A.B/Site1" or "A.B/Site2" using those same credentials. Site1 may allow anonymous connections. Site2 may allow only certain users access. Site3 may allow a different set of users access, or it may allow a different level of access to the same set of users.
Prabha 241 Reputation points

2021-10-26T06:37:35.42+00:00

Rich, we are calling the suburls inside of the same root url. So as per your above comments, would it not possible if the authentication of the webpage is successful, then it should check for the sub urls of under the same root url?

Share via

How to validate login credentials in PowerShell script

1 answer

Your answer