我正在寻找一个概念证明/演示网页,它将:
- 作为服务运行(最初不需要身份验证)
- 提示输入凭据(即允许提供备用凭据,最好将其捕获为 System.Management.Automation.PSCredential)。这里不需要身份验证,我只需要捕获凭据。
- 将凭据传递给 PowerShell(例如 shell.Commands.AddArgument(pscred) )
- 在 PowerShell 中使用这些凭据(传入或转换为 System.Management.Automation.PSCredential)
- 澄清一下:我不想验证凭据。我只想以安全的方式收集它们。我现在关心的只是胡言乱语,但我想保护这些胡言乱语
我有一个带有 Visual C# 的 ASP.NET Web 应用程序项目(类似于这里的那个)。我已经启动并运行了页面(即它使用适当的帐户运行,它运行 PowerShell 等) - 我想以相当安全的方式提示和存储凭据。我认为有一些标准的方法可以做到这一点。还是因为这是一个服务器端应用程序,所以我读得太多了?
以下是迄今为止我的代码的摘录:
Default.aspx(这些会根据场景而改变):
<asp:TextBox ID="Input" runat="server" TextMode="MultiLine" Width="400px" Height="73px" ></asp:TextBox> <asp:TextBox ID="InputParam" runat="server" TextMode="MultiLine" Width="200px" Height="20px" ></asp:TextBox> <asp:Button ID="ExecuteCode" runat="server" Text="Execute" Width="200" onclick="ExecuteCode_Click" /> <asp:TextBox ID="ResultBox" TextMode="MultiLine" Width="700" Height="200" runat="server"></asp:TextBox> <asp:TextBox ID="ErrorBox" TextMode="MultiLine" Width="700" Height="200" runat="server"></asp:TextBox>
默认.aspx.cs:
protected void ExecuteCode_Click(object sender, EventArgs e) { // Clean the Result TextBox ResultBox.Text = string.Empty; // Initialize PowerShell engine var shell = PowerShell.Create(); // Add the script and an argument to the PowerShell object shell.Commands.AddScript(Input.Text); shell.Commands.AddArgument(InputParam.Text); // Execute the script var results = shell.Invoke(); // display results, with BaseObject converted to string // Note : use | out-string for console-like output if (results.Count > 0) { // We use a string builder ton create our result text var builder = new StringBuilder(); foreach (var psObject in results) { // Convert the Base Object to a string and append it to the string builder. // Add \r\n for line breaks builder.Append(psObject.BaseObject.ToString() + "\r\n"); } // Encode the string in HTML (prevent security issue with 'dangerous' caracters like < > ResultBox.Text = Server.HtmlEncode(builder.ToString()); } //Collect errors var PSErrors = shell.Streams.Error.ReadAll(); if (PSErrors != null) { // We use a string builder ton create our error text var builder = new StringBuilder(); foreach (var psError in PSErrors) { // Convert the exception Object to a string and append it to the string builder. // Add \r\n for line breaks builder.Append(psError.Exception.ToString() + "\r\n"); } // Encode the string in HTML (prevent security issue with 'dangerous' caracters like < > ErrorBox.Text = Server.HtmlEncode(builder.ToString()); } }
根据我的理解,这段代码不起作用,但这个概念正是我想要做的。
PSCredential pscred = this.Host.UI.PromptForCredential("Enter username/password","", "", ""); shell.Commands.AddArgument(pscred);