none
Sample code required for Invoke-RestMethod using HTTPS and Basic Authorisation

    Question

  • I'm trying to use powershell V3 to play with a HTTPS restful API but am having difficult connecting to it!

    I used FireFox's RESTClient to verify I'm using correct API calls and basic authorisation headers.

    When I transfer the same calls into Powershell it fails to connect :(

    my code:


    # This nugget should help me to get around any self-signed certificate issues I believe
    $netAssembly = [Reflection.Assembly]::GetAssembly([System.Net.Configuration.SettingsSection])
     
    if($netAssembly)
    {
        $bindingFlags = [Reflection.BindingFlags] "Static,GetProperty,NonPublic"
        $settingsType = $netAssembly.GetType("System.Net.Configuration.SettingsSectionInternal")
     
        $instance = $settingsType.InvokeMember("Section", $bindingFlags, $null, $null, @())
     
        if($instance)
        {
            $bindingFlags = "NonPublic","Instance"
            $useUnsafeHeaderParsingField = $settingsType.GetField("useUnsafeHeaderParsing", $bindingFlags)
     
            if($useUnsafeHeaderParsingField)
            {
              $useUnsafeHeaderParsingField.SetValue($instance, $true)
            }
        }
    }
    
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    
    $username = 'XXX'
    $upassword = 'XXX'
    
    $auth = $username + ':' + $upassword
    
    $Encoded = [System.Text.Encoding]::UTF8.GetBytes($auth)
    $EncodedPassword = [System.Convert]::ToBase64String($Encoded)
    
    $headers = @{"Authorization"="Basic $($EncodedPassword)"}
    
    Invoke-RestMethod -Uri https://192.168.5.3:8444/csa/rest/login/CSA-Provider/admin -Header $headers -Method Get
    


    The first time this is run I get the following error :

     

    PS C:\Users\landg> C:\Users\landg\Documents\Scripts\CSA API\CSA_API_DEMO_take5.ps1
    Invoke-RestMethod : Unable to connect to the remote server
    At C:\Users\landg\Documents\Scripts\CSA API\CSA_API_DEMO_take5.ps1:35 char:1
    + Invoke-RestMethod -Uri https://192.168.5.3:8444/csa/rest/login/CSA-Provider/admi ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

    And all subsequent runs produce this error :

    PS C:\Users\landg> C:\Users\landg\Documents\Scripts\CSA API\CSA_API_DEMO_take5.ps1
    Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
    At C:\Users\landg\Documents\Scripts\CSA API\CSA_API_DEMO_take5.ps1:35 char:1
    + Invoke-RestMethod -Uri https://192.168.5.3:8444/csa/rest/login/CSA-Provider/admi ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

    I've run out of things to try but feel certain it's a security/certificate issue with my setup.

    I also noticed when I go back to basics that this also produces the same error - 

    Invoke-WebRequest -Uri https://www.google.co.uk -Method Get

    but works if I use HTTP://

    All suggestions would be greatly appreciated.

    Kind Regards,

    Graham.

    Friday, August 31, 2012 11:48 AM

Answers

  • I found this work around which has help to to get a HTTP 500 response now :) At least it progress.

    Here's my latest 'working' code snippet :

    add-type @"
        using System.Net;
        using System.Security.Cryptography.X509Certificates;
        
        public class IDontCarePolicy : ICertificatePolicy {
            public IDontCarePolicy() {}
            public bool CheckValidationResult(
                ServicePoint sPoint, X509Certificate cert,
                WebRequest wRequest, int certProb) {
                return true;
            }
        }
    "@
    [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy 
    
    Invoke-RestMethod -Uri https://192.168.5.3:8444/csa/rest/login/CSA-Provider/admin -Headers @{"AUTHORIZATION"="Basic YWRtaW46Y2xvdWQ="} -Method Get
    

    Hopefully this may save others many frustrating hours.....

    • Marked as answer by Graham Land Friday, August 31, 2012 6:51 PM
    Friday, August 31, 2012 6:51 PM

All replies

  • I should also mention that I'm using self-signed certificates whose machine name doesn't match that of the certificate - but I'm sure this isn't the same for google!
    Friday, August 31, 2012 12:10 PM
  • I found this work around which has help to to get a HTTP 500 response now :) At least it progress.

    Here's my latest 'working' code snippet :

    add-type @"
        using System.Net;
        using System.Security.Cryptography.X509Certificates;
        
        public class IDontCarePolicy : ICertificatePolicy {
            public IDontCarePolicy() {}
            public bool CheckValidationResult(
                ServicePoint sPoint, X509Certificate cert,
                WebRequest wRequest, int certProb) {
                return true;
            }
        }
    "@
    [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy 
    
    Invoke-RestMethod -Uri https://192.168.5.3:8444/csa/rest/login/CSA-Provider/admin -Headers @{"AUTHORIZATION"="Basic YWRtaW46Y2xvdWQ="} -Method Get
    

    Hopefully this may save others many frustrating hours.....

    • Marked as answer by Graham Land Friday, August 31, 2012 6:51 PM
    Friday, August 31, 2012 6:51 PM