Hi Guys,
I've modified a great script written by William Lam and works perfectly however the script requires me to specify the credentials either in the script or pass as a param in plain text.
I usually use $Cred = Get-Credentials at the beginning of my scripts to authenticate against vCenter but this script requires to also authenticate against the MOB and I just can't figure out how to store the credentials for both.
vghetto-scripts/enable-disable-vsphere-api-method.ps1 at master · lamw/vghetto-scripts · GitHub
You can have multiple Get-Credential cmdlets in a script.
You could do
$credVC = Get-Credential -Message "Enter vCenter credentials"
$credMOB = Get-Credential -Message "Enter MOB credentials"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You can have multiple Get-Credential cmdlets in a script.
You could do
$credVC = Get-Credential -Message "Enter vCenter credentials"
$credMOB = Get-Credential -Message "Enter MOB credentials"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks Luc,
I thought that might work but correct me if I'm wrong I would have to enter the same credentials twice. Would there be anyway I could script to only prompt once since they are the same credentials?
If they are the same, you only have to do the Get-Credential once.
You can use the object ($credential) coming out of the cmdlet for both.
$credential = Get-Credential -Message "Enter vCenter/MOB credentials"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
would I have to place it at the very top above the functions?
Hi Luc,
Would I have to modify everywhere it tries to connect using -user and -pass to $credentials for example in this function
Function Disable-vSphereMethod {
param(
[Parameter(
Position=0,
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)
]
[String]$vmmoref,
[string]$vc_server,
[String]$vc_username,
[String]$vc_password,
[String]$disable_method
)
$secpasswd = ConvertTo-SecureString $vc_password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($vc_username, $secpasswd)
# vSphere MOB URL to private disableMethods
$mob_url = "https://$vc_server/mob/?moid=AuthorizationManager&method=disableMethods"
# Ingore SSL Warnings
add-type -ErrorAction Ignore -TypeDefinition @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
# Initial login to vSphere MOB using GET and store session using $vmware variable
$results = Invoke-WebRequest -Uri $mob_url -SessionVariable vmware -Credential $credential -Method GET
# Extract hidden vmware-session-nonce which must be included in future requests to prevent CSRF error
# Credit to https://blog.netnerds.net/2013/07/use-powershell-to-keep-a-cookiejar-and-post-to-a-web-form/ for parsing vmware-session-nonce via Powershell
if($results.StatusCode -eq 200) {
$null = $results -match 'name="vmware-session-nonce" type="hidden" value="?([^\s^"]+)"'
$sessionnonce = $matches[1]
} else {
Write-host "Failed to login to vSphere MOB"
exit 1
}
# The POST data payload must include the vmware-session-nonce variable + URL-encoded
$body = @"
vmware-session-nonce=$sessionnonce&entity=%3Centity+type%3D%22ManagedEntity%22+xsi%3Atype%3D%22ManagedObjectReference%22%3E$vmmoref%3C%2Fentity%3E%0D%0A%0D%0A&method=%3CDisabledMethodRequest%3E%0D%0A+++%3Cmethod%3E$disable_method%3C%2Fmethod%3E%0D%0A%3C%2FDisabledMethodRequest%3E%0D%0A%0D%0A&sourceId=self
"@
# Second request using a POST and specifying our session from initial login + body request
$results = Invoke-WebRequest -Uri $mob_url -WebSession $vmware -Method POST -Body $body
}
You would need to replace these lines
$vc_username = "administrator@vghetto.local"
$vc_password = "VMware1!"
with these lines
$credential = Get-Credential -Message "Enter vCenter/MOB credentials"
$vc_username = $credential.GetNetworkCredential().UserName
$vc_password = $credential.GetNetworkCredential().password
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hey Luc,
Your the best! works perfectly thanks again.
Cheers