Recently I developed a couple of PowerShell-based components that serve as data crawlers for federated data sources such as external web services, SQL Server databases, Excel workbooks and SharePoint lists.
In order to authenticate the service accounts against all of these sources, I had no choice but to embed the user names and passwords within the PowerShell code in plain text. It gets even worse when a few of the web services support only “Basic Authentication”.
Saving passwords in plain text in code files can lead to compliance issues and can eventually get the solution rejected.
To fix this issue I have implemented a couple of mechanisms, one for each type of authentication requirement.
In this article I will discuss the mechanism to authenticate the requests to SharePoint Lists.
To simplify this demo, let’s consider a simple scenario where I have a list “MyLocations”, as shown below, and I need to export its metadata using a PowerShell-based component.
To keep the content crisp, I will walk through only the relevant sections of the code and skip all the CSOM-specific code, which you can find in my earlier articles if you like.
I have intentionally divided this implementation into two separate code files in order to keep the passwords safe from the developers. The intent is to have the SharePoint admins generate the encrypted password files and provide them to developers, so that developers can use them in code directly, as shown below.
In the following code snippet you can see the commands to encrypt the password “12345678” and export it to a text file, “BANSALP.txt”.
The file looks as shown below:
This way you can store passwords for all required service accounts in different text files without violating security compliance.
Now, in order to pass this encrypted password to SharePoint for authentication, we can make use of the “System.Management.Automation.PSCredential” class as shown below.
Here the “Get-Content” cmdlet is used to read the content of the “BANSALP.txt” file, and the “ConvertTo-SecureString” cmdlet to get the encrypted password as a secure string.
Once the credential object has been created, we can assign it to the “Credentials” property of the SharePoint client context.
With this client context, SharePoint authenticates the incoming request based on the ACL of the requestor.
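The two steps described above (generating the encrypted file, then loading it into a PSCredential), written out as an added example that is not the article's original code. It assumes Windows, uses a constructed file path and account name, prompts for the password with Read-Host instead of typing it into the script, and handles the case where the file cannot be decrypted by the current account.

```powershell
# Added example, not the article's code. File path and account name are constructed.
function Export-ServicePassword {
    param([Parameter(Mandatory)][string]$Path)
    # Prompt instead of hard-coding, so the plaintext never appears in a script or history.
    $secure = Read-Host -Prompt 'Service account password' -AsSecureString
    # Without -Key/-SecureKey, ConvertFrom-SecureString protects the value with Windows DPAPI:
    # only the same Windows user account on the same machine can decrypt it again.
    $secure | ConvertFrom-SecureString | Set-Content -Path $Path -Encoding ASCII
}

function Import-ServiceCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Path
    )
    try {
        $secure = Get-Content -Path $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        # A "Key not valid for use in specified state" message here typically means the
        # file was generated by a different user or on a different host.
        throw "Cannot load '$Path' as $env:USERNAME on $env:COMPUTERNAME: $($_.Exception.Message)"
    }
    New-Object System.Management.Automation.PSCredential ($UserName, $secure)
}

# Admin step: run once, logged on as the account that will execute the crawler.
$file = Join-Path $env:TEMP 'svc-crawler.txt'          # constructed path
Export-ServicePassword -Path $file

# Crawler step: rebuild the credential from the file; no plaintext in the script.
$credential = Import-ServiceCredential -UserName 'CONTOSO\svc-crawler' -Path $file  # constructed account
'Loaded credential for {0}; password length {1}' -f $credential.UserName, $credential.Password.Length

# With the CSOM assemblies loaded and $context holding a ClientContext (neither shown here),
# one way to hand the credential over is:
# $context.Credentials = $credential.GetNetworkCredential()
```

Because the file is tied to the account and machine that produced it, a file generated under an admin's own logon will not decrypt under the crawler's service account; ConvertFrom-SecureString and ConvertTo-SecureString also accept a `-Key` parameter for a shared AES key, which then has to be protected in its own right.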
Following is the outcome of the call that we sent to SharePoint:
I have also exported the metadata to a “csv” file, which looks like this.
Hope you find it helpful.