forked from Badgerati/Pode
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathWeb-AuthBasicClientcert.ps1
More file actions
76 lines (61 loc) · 2.51 KB
/
Web-AuthBasicClientcert.ps1
File metadata and controls
76 lines (61 loc) · 2.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<#
.SYNOPSIS
PowerShell script to set up a Pode server with HTTPS and client certificate authentication.
.DESCRIPTION
This script sets up a Pode server that listens on a specified port with HTTPS using a self-signed certificate.
It enables client certificate authentication for securing access to the server.
.EXAMPLE
To run the sample: ./Web-AuthBasicClientcert.ps1
.LINK
https://github.com/Badgerati/Pode/blob/develop/examples/Web-AuthBasicClientcert.ps1
.NOTES
Author: Pode Team
License: MIT License
#>
try {
# Determine the script path and Pode module path
$ScriptPath = (Split-Path -Parent -Path $MyInvocation.MyCommand.Path)
$podePath = Split-Path -Parent -Path $ScriptPath
# Import the Pode module from the source path if it exists, otherwise from installed modules
if (Test-Path -Path "$($podePath)/src/Pode.psm1" -PathType Leaf) {
Import-Module "$($podePath)/src/Pode.psm1" -Force -ErrorAction Stop
}
else {
Import-Module -Name 'Pode' -MaximumVersion 2.99 -ErrorAction Stop
}
}
catch { throw }
# or just:
# Import-Module Pode
# create a server, flagged to generate a self-signed cert for dev/testing, but allow client certs for auth
Start-PodeServer {
# bind to ip/port and set as https with self-signed cert
Add-PodeEndpoint -Address localhost -Port 8443 -Protocol Https -SelfSigned -AllowClientCertificate
# set view engine for web pages
Set-PodeViewEngine -Type Pode
# setup client cert auth
New-PodeAuthScheme -ClientCertificate | Add-PodeAuth -Name 'Validate' -Sessionless -ScriptBlock {
param($cert, $errors)
# validate the thumbprint - here you would check a real cert store, or database
if ($cert.Thumbprint -ieq '3571B3BE3CA202FA56F73691FC258E653D0874C1') {
return @{
User = @{
ID ='M0R7Y302'
Name = 'Morty'
Type = 'Human'
}
}
}
# an invalid cert
return @{ Message = 'Invalid certificate supplied' }
}
# GET request for web page at "/"
Add-PodeRoute -Method Get -Path '/' -Authentication 'Validate' -ScriptBlock {
#$WebEvent.Request.ClientCertificate | out-default
Write-PodeViewResponse -Path 'simple' -Data @{ 'numbers' = @(1, 2, 3); }
}
# GET request throws fake "500" server error status code
Add-PodeRoute -Method Get -Path '/error' -Authentication 'Validate' -ScriptBlock {
Set-PodeResponseStatus -Code 500
}
}