PowerShell - Query REST API with unsigned cert

1
votes

I've recently switched from using the PowerShell ISE to using Visual Studio Code

When I run my PowerShell scripts from within VSC on my office PC (Win 10 64Bit), none of the REST connections that use Invoke-RestMethod over HTTPS will authenticate against servers that use an unsigned SSL cert. When run from within VSC on my home PC (also Win 10 64bit), all works OK.

I have a function in the PowerShell that uses System.Net.Security to deal with unsigned SSL certs, which works perfectly when I run the code as native PowerShell or from the ISE

Here is how I compensate for Invoke-RestMethod connecting via SSL sessions with self-signed certs:

if (-not("dummy" -as [type])) {
  add-type -TypeDefinition @"
  using System;
  using System.Net;
  using System.Net.Security;
  using System.Security.Cryptography.X509Certificates;

  public static class Dummy {
    public static bool ReturnTrue(object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors) {
        return true;
    }

    public static RemoteCertificateValidationCallback GetDelegate() {
        return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
    }
  }
"@
}

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()
[System.Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

I also encode the username + password into a Base64 encoded hash that is the header for the Invoke-RestMethod call:

$pair = "${username}:${password}"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$base64 = [System.Convert]::ToBase64String($bytes)
$basicAuthValue = "Basic $base64"
$headers = @{ Authorization = $basicAuthValue }

So the complete call sequence is:

Invoke-RestMethod -Uri "https://theserver.com/rest/api/whatever" -Method Get -Headers $headers

The server hosting the REST API, Confluence using Apache Tomcat, accepts the authentication when the PowerShell is run from within the ISE or executed directly, but throws back a response that the connection isn't authenticated if I try to run it from within VSC, but only on the PC at the office, not at home. I'm suspecting a security certificate issue or a policy interaction.

1
powershellsslvisual-studio-code
Can you share the function you mentioned? And what you mean by it doesn't work from VSC? Any errors? - Robert Dyjas
Updated with code samples - David Bakkers
What is the full error? Can you add it too? - Robert Dyjas
Just updated the original post. I'm at home and it works via VSC locally! Will try in the office on Monday and post the response from Confluence. - David Bakkers

1 Answers

0
votes

I just compared the branch of the version I had in the office with the prior one and found a tiny typo that was screwing the de-coding of the password without me noticing it.

It wasn't VSC after all; just me not being diligent.