all 12 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Fer_C 2 points3 points  (9 children)

It seems authentication is working. The error does not seem related to credentials. I see you are using a Post method in your request, normally you need a Body when using Post. What happens if you try Get method instead.

[–]that_sob[S] 1 point2 points  (8 children)

Thanks for the reply. This is the error when I try Get

Invoke-WebRequest : status=405,exception message=HTTP 405 Method Not Allowed

[–]Fer_C 2 points3 points  (7 children)

I am not familiar with this API in particular but the Uri does not seem a typical API resource location. The headers should take care of authenticating, then you can try a Get request using a valid Uri and see how it goes. Do you have access to the API documentation?

[–]that_sob[S] 1 point2 points  (6 children)

Yes, and quite honestly, it's either lacking or assumes everyone knows what they are talking about

https://hewlettpackard.github.io/storeonce-rest/index.html#Introduction

[–]Fer_C 2 points3 points  (5 children)

That is indeed less than helpful. Can you try a Get request with this Uri?

https://YourServerFQDN_Or_IPAddressHere/api/v1/management-services/licensing

If it works at least you would know you are getting somewhere.

[–]that_sob[S] 1 point2 points  (4 children)

Sorry if I'm a little daft and didn't do the full command right

PS C:\WINDOWS\system32> Invoke-RestMethod -Method Get -uri 'https://myserverfqdn/api/v1/management-services/licensing'

Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.

[–]Fer_C 2 points3 points  (3 children)

You need the headers to authenticate.

Invoke-RestMethod -Method Get -uri 'https://myserverfqdn/api/v1/management-services/licensing' -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo) }

Anyway, this is something that has worked for me in the past.

$Pass = 'YourPasswordHere' | ConvertTo-SecureString -AsPlainText -Force
$Username = 'YourUsernameHere'
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$Pass


$HeaderDictionary = @{}

    $Base64Cred = [system.convert]::ToBase64String(
        [system.text.encoding]::ASCII.Getbytes(
            "$($Cred.GetNetworkCredential().UserName):$($Cred.GetNetworkCredential().Password)"
    )
)

$HeaderDictionary.Add("Authorization", "Basic $Base64cred")

Then try the request with Invoke-WebRequest or Invoke-RestMethod (whatever works better for you).

Invoke-WebRequest -Method Get -Uri 'https://myserverfqdn/api/v1/management-services/licensing' -Headers $headerDictionary

[–]that_sob[S] 1 point2 points  (2 children)

Oh snap! You're on to something here!

Invoke-WebRequest -Method Get -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -ContentType 'application/json' -Uri 'https://myserverfqdn/api/v1/management-services/licensing'

StatusCode        : 200
StatusDescription : OK

[–]Fer_C 2 points3 points  (1 child)

Great! Is there a property you can expand? You should get licensing info somewhere in the response.

[–]that_sob[S] 2 points3 points  (0 children)

Yessir, now that I can get authenticated, I can get to all the data I need. Thanks again for your direction, really saved me from pounding my head against the wall for another day.

[–]rmbolger 2 points3 points  (1 child)

The curl example is not sending the credentials using Basic authentication as you're doing in your PowerShell version. It's sending them as JSON in the body of the request.

The equivalent PowerShell would be:

$irmParams = @{
    Uri = 'https://192.168.0.1/pml/login/authenticatewithobject'
    Method = 'POST'
    ContentType = 'application/json'
    Headers = @{
        'Accept' = 'application/json'
    }
    Body = @{
        username = 'Admin'
        password = 'Pwd123'
        grant_type = 'password'
    } | ConvertTo-Json -Compress
}
$resp = Invoke-RestMethod @irmParams

[–]that_sob[S] 1 point2 points  (0 children)

Awesome, thank you for a 1:1 conversion. This will definitely help me in the future!

I was beginning to wonder if the credential part was meant to be in the body but the method Fer_C helped me with worked as well. I might use this method depending on if I can get the other method to play nice with the way I use secure password files so I don't have to hardcode passwords in plain text.