none
Using Invoke-WebRequest to access Windows credential protected websites RRS feed

  • Question

  • I'm trying to access a website that is protected by integrated Windows authentication. Now, this is easy to do if the script is running as the user that has access to the website with:

    Invoke-WebRequest "http://intranet/" -UseDefaultCredentials

    But I have to run this as a user that doesn't have access. In a browser this isn't a problem. If you try to access a site the logged in user can't access, the server returns a 401 and the browser asks you to input some different credential. I tried to duplicate this using something like

    $encrypted_password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential("domain\username", $encrypted_password)
    Invoke-WebRequest "http://intranet/" -Credential $cred

    But no matter how I spell the username, I keep getting 401s on the last command.

    Is there a way to do what I'm trying to do? Or is there some way that NTLM/Kerberos works that just blocks Powershell from getting proper website credentials if I'm not logged on as the user himself?

    Thursday, May 16, 2019 10:54 AM

Answers

  • Does it work if you open a PowerShell console window using the other user's credentials and then run the cmdlet?

    -- Bill Stewart [Bill_Stewart]

    Thursday, May 16, 2019 3:48 PM
    Moderator

All replies

  • Does it work if you open a PowerShell console window using the other user's credentials and then run the cmdlet?

    -- Bill Stewart [Bill_Stewart]

    Thursday, May 16, 2019 3:48 PM
    Moderator
  • Yes, if I start the console as a different user and then use -UseDefaultCredentials it works.

    This won't work for my specific case though because the same script needs to do some file system operations that require being logged on as a different user. I guess I could do those using Start-Job and the second users credential though...

    Friday, May 17, 2019 6:56 AM