AvoidUsingAllowUnencryptedAuthentication
Severity Level: Warning
Description
Avoid using the AllowUnencryptedAuthentication parameter of Invoke-WebRequest and
Invoke-RestMethod. When using this parameter, the cmdlets send credentials and secrets over
unencrypted connections. This should be avoided except for compatibility with legacy systems.
For more details, see Invoke-RestMethod.
How
Avoid using the AllowUnencryptedAuthentication parameter.
Example 1
Wrong
Invoke-WebRequest foo -AllowUnencryptedAuthentication
Correct
Invoke-WebRequest foo
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for