Active IQ Unified Manager Discussions

WFA SOAP script - getting windows credentials to avoid hardcoding pwds in the script

trentino123
4,553 Views

Hi All,

 

Does anyone know how to connect to WFA ( via SOAP powershell script ) so the powershell can use the existing windows credentials where the script is being executed ?

 

This is to avoid having to plaintext or hardcode the password somewhere in the script.

 

Thanks in advance!

1 ACCEPTED SOLUTION

sinhaa
4,551 Views

I don't think we can use the existing windows user credentials for this. If you do not want to hardcode the WFA login password in the script, you can do the following:

 

1. Prompt the user for Credentials when executing the script. This is open a prompt for the user to enter credentials.

 

$wfaCreds = Get-Credential

 

#Now use this credential in your code with 

$wfa = New-WebServiceProxy -Uri $uri -Credential $wfaCreds

 

 

2. Save the credentials in encrypted form in a password file. Only the windows user who created the file can decrypt it. So its fairly secure and can only be run by 1 user.

 

"password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString |Out-File C:\pass.txt

 

Now in your Powersell script: Get the contents of this file, convert to secure string and build your credential.

 

$pass = Get-Content C:\pass.txt

 

$wfaCreds =  New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username,($pass | ConvertTo-SecureString)

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

4 REPLIES 4

sinhaa
4,552 Views

I don't think we can use the existing windows user credentials for this. If you do not want to hardcode the WFA login password in the script, you can do the following:

 

1. Prompt the user for Credentials when executing the script. This is open a prompt for the user to enter credentials.

 

$wfaCreds = Get-Credential

 

#Now use this credential in your code with 

$wfa = New-WebServiceProxy -Uri $uri -Credential $wfaCreds

 

 

2. Save the credentials in encrypted form in a password file. Only the windows user who created the file can decrypt it. So its fairly secure and can only be run by 1 user.

 

"password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString |Out-File C:\pass.txt

 

Now in your Powersell script: Get the contents of this file, convert to secure string and build your credential.

 

$pass = Get-Content C:\pass.txt

 

$wfaCreds =  New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username,($pass | ConvertTo-SecureString)

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

trentino123
4,518 Views

Thanks Sinhaa! It did the trick.

mbeattie
4,542 Views

Hi,

 

You can cache your domain credentials in the WFA credential cache and invoke the workflow from a remote host using the REST API. The workflow can then retrieve the domain credentials using the "Get-WFACredential" Command to ensure the workflow you want to invoke is executed within the correct security context. There are some examples of using the REST API here:

 

http://community.netapp.com/t5/OnCommand-Storage-Management-Software-Articles-and-Resources/Interactive-execution-of-Workflows-as-CLI-using-REST-APIs-...

 

/matt

 

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

trentino123
4,516 Views

Thanks Matt,

 

That works fine , you only need the credentials stored in advance.

 

Thanks!

Public