在ASP.NET/C#页面中提示输入凭据，并传递给PowerShell [英] Prompt for credentials in ASP.NET / C# page, pass to PowerShell

问题描述

我正在寻找一个概念证明/演示网页，

I'm looking to build a proof of concept / demo webpage that will:

• 作为服务运行（最初不需要身份验证） ）


• 提示输入凭据（即，为了提供备用凭据，最好将其捕获为System.Management.Automation.PSCredential）。


• 将凭据传递到PowerShell中（例如shell.Commands.AddArgument（pscred））


• 在PowerShell中使用这些凭据（以as身份传入或转换为System.Management.Automation.PSCredential）


• 要澄清：我不想对凭据进行身份验证。我只想以安全的方式收集它们。就目前我所关心的而言，这简直是胡言乱语，但我想保护的却是胡言乱语

• Run as a service (no authentication required initially)
• Prompt for credentials (i.e. to allow providing alternate credentials, ideally capture this as System.Management.Automation.PSCredential). No authentication is required here, I just need to capture the credentials.
• Pass credentials in to PowerShell (e.g. shell.Commands.AddArgument(pscred) )
• Use these credentials in PowerShell (pass in as, or convert to System.Management.Automation.PSCredential)
• To clarify: I do not want to authenticate credentials. I just want to collect them in a secure way. For all I care at the moment, it is gibberish, but gibberish that I presumably want to protect

我有一个ASP.NET Web使用Visual C＃的应用程序项目（类似于一个此处）。我已经启动并运行该页面（即它使用适当的帐户运行，它运行PowerShell等）-我想以一种相当安全的方式提示和存储凭据。我认为有一些标准的方法可以做到这一点。还是我对此内容了解过多，因为这是服务器端应用程序？

I have an ASP.NET Web Application project with Visual C# (similar to the one here). I have the page up and running (i.e. it runs with the appropriate account, it runs PowerShell, etc.) - I want to prompt for and store credentials in a reasonably secure manner. I assume there is some standard way to do this. Or am I reading too much into this as this is a server side application?

到目前为止，这是我代码的摘录：

Here are excerpts from my code thus far:

• Default.aspx（这些将根据情况而改变）：

• Default.aspx (these will be changed depending on the scenario):

<asp:TextBox ID="Input" runat="server" TextMode="MultiLine" Width="400px" Height="73px" ></asp:TextBox>  
<asp:TextBox ID="InputParam" runat="server" TextMode="MultiLine" Width="200px" Height="20px" ></asp:TextBox>  
<asp:Button ID="ExecuteCode" runat="server" Text="Execute" Width="200" onclick="ExecuteCode_Click" />
<asp:TextBox ID="ResultBox" TextMode="MultiLine" Width="700" Height="200" runat="server"></asp:TextBox>
<asp:TextBox ID="ErrorBox" TextMode="MultiLine" Width="700" Height="200" runat="server"></asp:TextBox>

Default.aspx.cs：

Default.aspx.cs:

protected void ExecuteCode_Click(object sender, EventArgs e)
{
    // Clean the Result TextBox
    ResultBox.Text = string.Empty;

    // Initialize PowerShell engine
    var shell = PowerShell.Create();

    // Add the script and an argument to the PowerShell object
    shell.Commands.AddScript(Input.Text);
    shell.Commands.AddArgument(InputParam.Text);

    // Execute the script
    var results = shell.Invoke();

    // display results, with BaseObject converted to string
    // Note : use | out-string for console-like output
    if (results.Count > 0)
    {
        // We use a string builder ton create our result text
        var builder = new StringBuilder();

        foreach (var psObject in results)
        {
            // Convert the Base Object to a string and append it to the string builder.
            // Add \r\n for line breaks
            builder.Append(psObject.BaseObject.ToString() + "\r\n");
        }

        // Encode the string in HTML (prevent security issue with 'dangerous' caracters like < >
        ResultBox.Text = Server.HtmlEncode(builder.ToString());
    }

    //Collect errors
    var PSErrors = shell.Streams.Error.ReadAll();

    if (PSErrors != null)
    {

        // We use a string builder ton create our error text
        var builder = new StringBuilder();

        foreach (var psError in PSErrors)
        {
            // Convert the exception Object to a string and append it to the string builder.
            // Add \r\n for line breaks
            builder.Append(psError.Exception.ToString() + "\r\n");
        }
        // Encode the string in HTML (prevent security issue with 'dangerous' caracters like < >
        ErrorBox.Text = Server.HtmlEncode(builder.ToString());
    }

}

此代码不会

PSCredential pscred = this.Host.UI.PromptForCredential("Enter username/password","", "", "");
shell.Commands.AddArgument(pscred);

推荐答案

我认为最简单的方法是使用模拟。也就是说，您获得了用户的凭据，然后以该用户身份启动Powershell进程，从而可以以该用户身份执行所需的任何操作。

I think the easiest way is to use impersonation. i.e. you get the credentials of the user, and launch the powershell process as that user which allows you to execute anything you want as that user.

请参阅：

使用用户模拟从ASP.NET执行PowerShell cmdlet -具有模拟当前用户运行PowerShell的步骤

Execute PowerShell cmdlets from ASP.NET With User Impersonation - Has steps to impersonate the current user to run PowerShell

or

如何从ASP.NET以模拟方式运行PowerShell脚本-有关如何以模拟方式运行PowerShell的StackOverflow问题。

How to run PowerShell scripts from ASP.NET with Impersonation - StackOverflow question on how to run PowerShell with impersonation.

这篇关于在ASP.NET/C#页面中提示输入凭据，并传递给PowerShell的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！