Comments (12)
so why does it work with some connections, but not the one to Exchange Online?
Exchange online uses OAuth tokens but as the WSMan stack on Windows never supported OAuth natively it actually it just OAuth smuggled through basic authentication. So to the WSMan stack it see ok the application is requesting basic auth is my client configuration set to allow this. Exchange on prem uses Kerberos auth and normal Windows hosts can utilise NTLM and Kerberos through the Negotiate protocol which is separate from Basic auth. Basic auth has always been something you need to opt into and the Exchange Online modules even state you need to enable this. Granted they are moving away from this frankenstein setup into their own REST APIs but this applies to your WSManConnectionInfo
setup. This could even be the cause behind the problem but I'm not sure on that point.
why does the error message state that the server refused it?
It could be that's just the generic error message it gets back from a failed auth, the client doesn't necessarily know what the server offers just that it failed to auth.
Ultimately I could be wrong here but I know this is in a spot where the OAuth through WinRM with Exchange Online is deprecated and the whole stack behind it all was quite messy. It's a reason why they moved to their own REST APIs with the v3 module.
from powershell.
Has Basic auth been enabled on the client WinRM settings?
Get-Item WSMan:\Localhost\Client\Auth\Basic
from powershell.
@jborean93 would this be on the destination server, or the server running the .net app?
from powershell.
The client host that is running the WinRM code. PowerShell on Windows uses the native WinRM stack. The native stack only allows Basic auth (what the OAuth tokens are smuggled through) if the client allows you to do so and it’s not enabled by default.
from powershell.
@jborean93 well, this is something that was working at one point, and now is not working. The code typically runs from an Azure App Service, so I don't believe there is a way for me to run the Get-Item command. I can say that other operations that use basic auth to connect to our physical exchange environment work without issue. So I can only assume it is enabled.
from powershell.
The error is from the WSMan stack and PowerShell is just bubbling it back up to you. PowerShell has no control over this policy as it’s a system setting and while it provides you the ability to get and set it through the WSMan provider it cannot just enable it for one connection. The error you are getting is what I would expect if basic auth is disabled on the client settings and you requested it.
from powershell.
@jborean93 so why does it work with some connections, but not the one to Exchange Online? and why does the error message state that the server refused it?
The complete exception includes this: "The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration."
from powershell.
@jborean93 My on prem connection is using Basic, here is the code for it:
PSCredential cred = new(_username, _securePassword);
WSManConnectionInfo connectionInfo = new(_powerShellURI, "http://schemas.microsoft.com/powershell/Microsoft.Exchange", cred)
{
AuthenticationMechanism = AuthenticationMechanism.Basic
};
using Runspace runspace = RunspaceFactory.CreateRunspace(connectionInfo);
runspace.Open();
PowerShell ps0 = PowerShell.Create();
Also, my understanding is the System.Management.Automation
and Microsoft.PowerShell.Native
packages don't rely on any underlying system level configuration, they are self-contained libraries that allow .net apps to be shipped without any additional dependencies. At least this is the way it has been for the last 6 years when I initially built the first version of this application. As for migrating to rest APIs. I'd happily drop the PowerShell requirement and move to the Graph API, however the item I need to query for isn't exposed in the Graph API, and from what I can tell there are no plans to expose it.
I've been doing Basic auth from an Azure App Service using multiple versions of .net from Framework 4.7 to .net8 without having to do any WinRM changes on the server, or my local machine. None of the docs for the System.Management.Automation
package state any system dependencies or configuration changes that need to be made.
from powershell.
Also, my understanding is the System.Management.Automation and Microsoft.PowerShell.Native packages don't rely on any underlying system level configuration, they are self-contained libraries that allow .net apps to be shipped without any additional dependencies
For WSMan that is not the case, even for SSH that's also not the case as it relies on the ssh
binary being present. On Windows it relies on the WsmSvc.dll
that Windows provides and non-Windows it's the libmi
library that PowerShell used to ship with and was pretty old and hard to get working (and yet another reason the Exchange Online module has gone to their own REST API).
from powershell.
This issue has been marked as answered and has not had any activity for 1 day. It has been closed for housekeeping purposes.
from powershell.
📣 Hey @nickjmcclure, how did we do? We would love to hear your feedback with the link below! 🗣️
🔗 https://aka.ms/PSRepoFeedback
from powershell.
@daxian-dbw I noticed this was marked as answered, but it hasn't been answered. The information provided by @jborean93 doesn't apply here.
from powershell.
Related Issues (20)
- Restart-Computrr add proxyaccestype
- What programming guidelines are there for PowerShell against the AMSI threat vector? HOT 8
- Get-ADComputer doesn't return nTSecurityDescriptor content HOT 2
- update ::user privilege to access powershell HOT 9
- Out-File not reporting error on failure to write to UNC network path when stream is being repeatedly opened and closed. HOT 2
- When "Controlled Folder Access" is enabled, PowerShell 7.4.2 is so Slow it's Unusable HOT 5
- I want return an empty array in a function, but it return a null value. HOT 13
- Please support Ubuntu 24.04 as soon as possible,thku HOT 4
- ForEach-Object -Parallel / Start-ThreadJob don't honor unsilencing of silent-by-default streams via common parameters HOT 6
- Add support for Enterprise signed scripts HOT 7
- No runspace available to run scripts in this thread. You can provide one in the DefaultRunspace property HOT 11
- [Regression in 7.4.2] Statement in finally block stop working when ctrl-c is pressed that stops script running in the try block
- PowerShell extended property `BaseName` for `DirectoryInfo` is inconsistent when there is an `extension` HOT 34
- `$PSScriptRoot` unpopulated when script missing the `.ps1` file extension HOT 10
- `-LiteralPath` still interprets `~` HOT 8
- Invoke-Command does not support -Startuptype AutomaticDelayedStart HOT 3
- Default case in Switch not called when variable is in an undefined state HOT 6
- Integers passed to a method expected an array implicitly allocate an array of that length HOT 10
- Wildcards in the middle of a path don't work in Get-ChildItem with -Recurse and -File
- Split-Path can't resolve paths with [brackets] HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from powershell.