Solved: WFA SOAP script - getting windows credentials to avoid hardcoding pwds in the script

trentino123 · ‎2015-01-07

Hi All,

Does anyone know how to connect to WFA ( via SOAP powershell script ) so the powershell can use the existing windows credentials where the script is being executed ?

This is to avoid having to plaintext or hardcode the password somewhere in the script.

Thanks in advance!

sinhaa · ‎2015-01-07

I don't think we can use the existing windows user credentials for this. If you do not want to hardcode the WFA login password in the script, you can do the following:

1. Prompt the user for Credentials when executing the script. This is open a prompt for the user to enter credentials.

$wfaCreds = Get-Credential

#Now use this credential in your code with

$wfa = New-WebServiceProxy -Uri $uri -Credential $wfaCreds

2. Save the credentials in encrypted form in a password file. Only the windows user who created the file can decrypt it. So its fairly secure and can only be run by 1 user.

"password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString |Out-File C:\pass.txt

Now in your Powersell script: Get the contents of this file, convert to secure string and build your credential.

$pass = Get-Content C:\pass.txt

$wfaCreds = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username,($pass | ConvertTo-SecureString)

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

sinhaa · ‎2015-01-07

I don't think we can use the existing windows user credentials for this. If you do not want to hardcode the WFA login password in the script, you can do the following:

1. Prompt the user for Credentials when executing the script. This is open a prompt for the user to enter credentials.

$wfaCreds = Get-Credential

#Now use this credential in your code with

$wfa = New-WebServiceProxy -Uri $uri -Credential $wfaCreds

2. Save the credentials in encrypted form in a password file. Only the windows user who created the file can decrypt it. So its fairly secure and can only be run by 1 user.

"password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString |Out-File C:\pass.txt

Now in your Powersell script: Get the contents of this file, convert to secure string and build your credential.

$pass = Get-Content C:\pass.txt

$wfaCreds = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username,($pass | ConvertTo-SecureString)

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

trentino123 · ‎2015-01-08

Thanks Sinhaa! It did the trick.

mbeattie · ‎2015-01-07

Hi,

You can cache your domain credentials in the WFA credential cache and invoke the workflow from a remote host using the REST API. The workflow can then retrieve the domain credentials using the "Get-WFACredential" Command to ensure the workflow you want to invoke is executed within the correct security context. There are some examples of using the REST API here:

http://community.netapp.com/t5/OnCommand-Storage-Management-Software-Articles-and-Resources/Interactive-execution-of-Workflows-as-CLI-using-REST-APIs-...

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

trentino123 · ‎2015-01-08

Thanks Matt,

That works fine , you only need the credentials stored in advance.

Thanks!