使用带有用户名和密码的Invoke-WebRequest进行GitHub API上的基本身份验证 [英] Use Invoke-WebRequest with a username and password for basic authentication on the GitHub API

问题描述

使用cURL，我们可以通过HTTP Web请求传递用户名，如下所示:

With cURL, we can pass a username with an HTTP web request as follows:

$ curl -u <your_username> https://api.github.com/user

-u标志接受用于身份验证的用户名，然后cURL将请求密码. cURL示例适用于使用GitHub Api进行基本身份验证.

The -u flag accepts a username for authentication, and then cURL will request the password. The cURL example is for Basic authentication with the GitHub Api.

我们如何类似地将用户名和密码与Invoke-WebRequest一起传递?最终目标是在GitHub API中使用PowerShell进行基本身份验证.

How do we similarly pass a username and password along with Invoke-WebRequest? The ultimate goal is to user PowerShell with Basic authentication in the GitHub API.

推荐答案

我在这里假设基本身份验证.

I am assuming Basic authentication here.

$cred = Get-Credential
Invoke-WebRequest -Uri 'https://whatever' -Credential $cred

您可以通过其他方式(例如Import-Clixml等)获得证书，但是它必须是[PSCredential]对象.

You can get your credential through other means (Import-Clixml, etc.), but it does have to be a [PSCredential] object.

GitHub正在破坏RFC，正如在您提供的链接中解释的那样:

GitHub is breaking RFC as they explain in the link you provided:

API支持RFC2617中定义的基本身份验证，其中包括一些 细微的差异.主要区别在于RFC要求 未经授权的请求，将通过401未经授权来回答 回应.在许多地方，这将揭示用户的存在 数据.取而代之的是，GitHub API会以404 Not Found响应.这可能 导致假设401未经授权的HTTP库出现问题 回复.解决方案是手动制作Authorization标头.

The API supports Basic Authentication as defined in RFC2617 with a few slight differences. The main difference is that the RFC requires unauthenticated requests to be answered with 401 Unauthorized responses. In many places, this would disclose the existence of user data. Instead, the GitHub API responds with 404 Not Found. This may cause problems for HTTP libraries that assume a 401 Unauthorized response. The solution is to manually craft the Authorization header.

据我所知，Powershell的Invoke-WebRequest在发送凭据之前会等待401响应，并且由于GitHub从不提供凭据，因此将永远不会发送您的凭据.

Powershell's Invoke-WebRequest does to my knowledge wait for a 401 response before sending the credentials, and since GitHub never provides one, your credentials will never be sent.

相反，您必须自己创建基本的auth标头.

Instead you'll have to create the basic auth headers yourself.

基本身份验证采用由用户名和密码组成的字符串，并用冒号user:pass分隔，然后发送该字符串的Base64编码结果.

Basic authentication takes a string that consists of the username and password separated by a colon user:pass and then sends the Base64 encoded result of that.

这样的代码应该可以工作:

Code like this should work:

$user = 'user'
$pass = 'pass'

$pair = "$($user):$($pass)"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))

$basicAuthValue = "Basic $encodedCreds"

$Headers = @{
    Authorization = $basicAuthValue
}

Invoke-WebRequest -Uri 'https://whatever' -Headers $Headers

您可以合并一些字符串连接，但我想对其进行分解以使其更清晰.

You could combine some of the string concatenation but I wanted to break it out to make it clearer.

这篇关于使用带有用户名和密码的Invoke-WebRequest进行GitHub API上的基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！