Mads Moi-Aune
Web requests with basic authentication in Powershell
HTTP Basic Authentication is one of many authentication schemes supported by the HTTP protocol, and is a very common option when authenticating to a web service. The basic authentication scheme is very simple and consists of generating a base64 token from your username and password seperated by a colon (:) and putting the token in an Authorization HTTP header. Let’s explore some examples in Powershell.
Manually creating the token
Let’s start with an example from scratch.
1# We define our username and password. Ideally this should come from environment variables
2# or some secret store
3$username = "user1"
4$password = "pa55w0rd!"
5
6# Join them into a single string, seperated by a colon (:)
7$pair = "{0}:{1}" -f ($username, $password)
8
9# Turn the string into a base64 encoded string
10$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
11$token = [System.Convert]::ToBase64String($bytes)
12
13# Define a basic 'Authorization' header with the token
14$headers = @{
15 Authorization = "Basic {0}" -f ($token)
16}
17
18# Send a web request using our authorization header
19$response = Invoke-RestMethod -Uri "https://example.com/api" -Headers $headers
As you can see from the example above, we take our username and password and combine them into a single string seperated by a colon (:). Then we take that string and turn it into a Base64 encoded string. This is our token that we need to pass into the Authorization header. Our token will look like this.
dXNlcjE6cGE1NXcwcmQh
Line 14-16 is were we create a custom header object to send with our request. Here we define the Authorization header and we tell it to use Basic authorization and then we provide our token.
On the last line we send our request with the custom header.
The powershell way
Since Basic Authentication is so common, Powershell has of course implemented a simpler solution.
1# Again, these should come from env vars, Key Vault or some other secret store
2$username = "user1"
3$password = "pa55w0rd!"
4
5# Since our password is plaintext we must convert it to a secure string
6# before creating a PSCredential object
7$securePassword = ConvertTo-SecureString -String $password -AsPlainText
8$credential = [PSCredential]::new($username, $securePassword)
9
10# Tell Invoke-RestMethod to use Basic Authentication scheme with our credentials
11$response = Invoke-RestMethod -Uri "https://example.com/api" -Authentication Basic -Credential $credential
This works by telling the Invoke-RestMethod cmdlet which authentication scheme we want to use and provide a PSCredential object and it will do the rest for us.
This way is much simpler because we dont need to worry about generating the token and in many situations we already have a PSCredential object.
Conclusion
Knowing how to use basic authentication with Powershell can be very handy since most systems support this authentication scheme. As we saw in this article Powershell has made it really simple to use.