fbpx Securely Request Usernames and Passwords in PowerShell | Windows PowerShell, Windows Server | HostingUltraso.com
24/7/365 Support

Securely Request Usernames and Passwords in PowerShell

Problem

Your script requires that users provide it with a username and password, but you want to do this as securely as possible.

Solution

To request a credential from the user, use the GetCredential cmdlet: $credential = GetCredential

Discussion

The GetCredential cmdlet reads credentials from the user as securely as possible and ensures that the user’s password remains highly protected the entire time.

Once you have the username and password, you can pass that information around to any other command that accepts a PowerShell credential object without worrying about disclosing sensitive information. If a command doesn’t accept a PowerShell credential object (but does support a SecureString for its sensitive information), the resulting PsCredential object provides a Username property that returns the username in the credential and a Password property that returns a SecureString containing the user’s password.

Unfortunately, not everything that requires credentials can accept either a PowerShell credential or SecureString. If you need to provide a credential to one of these commands or API calls, the PsCredential object provides a GetNetworkCredential() method to convert the PowerShell credential to a less secure NetworkCredential object. Once you've converted the credential to a NetworkCredential, the UserName and Password properties provide unencrypted access to the username and password from the original credential. Many networkrelated classes in the .NET Framework support the NetworkCredential class directly.

The NetworkCredential class is less secure than the PsCredential class because it stores the user’s password in plain text. For more information about the security implications of storing sensitive information in

plain text,

If a frequently run script requires credentials, you might consider caching those credentials in memory to improve the usability of that script. For example, in the region of the script that calls the GetCredential cmdlet, you can instead use the techniques shown by Example 163.

Example 163. Caching credentials in memory to improve usability

$credential = $null if(TestPath Variable:\Lee.Holmes.CommonScript.CachedCredential) {

$credential = ${GLOBAL:Lee.Holmes.CommonScript.CachedCredential} }

${GLOBAL:Lee.Holmes.CommonScript.CachedCredential} = GetCredential $credential

$credential = ${GLOBAL:Lee.Holmes.CommonScript.CachedCredential}

The script prompts the user for their credentials the first time they call it but uses the cached credentials for subsequent calls.

For more information about the GetCredential cmdlet, type GetHelp GetCredential.

Help Category:

Get Windows Dedicated Server

Only reading will not help you, you have to practice it! So get it now.

Processor RAM Storage Server Detail
Intel Atom C2350 1.7 GHz 2c/2t 4 GB DDR3 1× 1 TB (HDD SATA) Configure Server
Intel Atom C2350 1.7 GHz 2c/2t 4 GB DDR3 1× 128 GB (SSD SATA) Configure Server
Intel Atom C2750 2.4 GHz 8c/8t 8 GB DDR3 1× 1 TB (HDD SATA) Configure Server
Intel Xeon E3-1230 v2 3.3 GHz 4c/8t 16 GB DDR3 1× 256 GB (SSD SATA) Configure Server
Intel Atom C2350 1.7 GHz 2c/2t 4 GB DDR3 1× 250 GB (SSD SATA) Configure Server

What Our Clients Say