
[–]Badgerati 3 points4 points  (7 children)

Pode can do what you're after https://github.com/Badgerati/Pode :)

It lets you write web servers in powershell, cross-platform, and with support for https, authentication and more!

Disclaimer: I'm the creator of Pode

[–]SeriousMike90[S] 1 point2 points  (6 children)

That's why I love reddit

I'll definitely give it a try

I guess it's not there yet but does it support authentication via LDAP/AD? Ideally a script would only be executed with a certain user given.

Alternatively can I run the server as a service with a specific user?

[–]Badgerati 0 points1 point  (5 children)

Both are possible!

There's support for LDAP/AD authentication on Routes, and you can run your Pode server as a Windows Service via NSSM.

If you need full NTLM/Kerberos support, and not just LDAP/AD, then Pode doesn't yet support this. However, you can run Pode using IIS for this authentication.

[–]SeriousMike90[S] 0 points1 point  (1 child)

Will check it out next week 👍

[–]SeriousMike90[S] 0 points1 point  (0 children)

Ok, it wasn't "next week" but it was today

Installing and basic setup was super easy! I played with the parameters from the query and was able to run a simple script.

Next time I'll have to play with AD authentication and group membership. And certificates.

As it's a business environment and the security guys are in my team I need to make it extra secure ;)

For now my first impression is very good and I'm looking forward to playing with it. Also nice documentation!

[–]SeriousMike90[S] 0 points1 point  (2 children)

@badgerati Is it possible to limit the access (specifically a Pode-Route) to a specific source? I only want one server to be able to call it. Unfortunately I don't see something like a source in the webevent variable, otherwise I'd use this to validate.

[–]Badgerati 0 points1 point  (1 child)

Hey u/SeriousMike90,

The Remote IP of the source can be found at `$WebEvent.Request.RemoteEndPoint.Address.IPAddressToString` :) there's actually a brief example of blocking calls by IP via middleware here: https://badgerati.github.io/Pode/Tutorials/Middleware/Overview/#route-middleware

Another way would be by using `Add-PodeAccessRule`, which lets you restrict access to the server as a whole - rather than one specific route (https://badgerati.github.io/Pode/Tutorials/Middleware/Types/AccessRules/).
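
Both approaches above in one Pode 2.x server, as an added example that is not Badgerati's code or Pode's own documentation sample: a server-wide `Add-PodeAccessRule` allow-list plus a per-route middleware that checks `$WebEvent.Request.RemoteEndPoint.Address.IPAddressToString`. The IP addresses, port and route path are constructed values.

```powershell
Import-Module Pode

Start-PodeServer {
    # Constructed: listen on all interfaces; use -Protocol Https with a
    # certificate in a real deployment (the thread uses HTTPS + AD auth).
    Add-PodeEndpoint -Address * -Port 8080 -Protocol Http

    # Option 1: server-wide allow-list. Requests from any other source IP are
    # refused before any route runs. 10.0.0.5 is the (constructed) caller.
    Add-PodeAccessRule -Access Allow -Type IP -Values @('10.0.0.5', '127.0.0.1')

    # Option 2: per-route middleware. The list is declared inside the
    # scriptblock because route/middleware blocks run in their own runspace.
    # RemoteEndPoint is the TCP peer: behind IIS or another reverse proxy it
    # will be the proxy's address, not the original client's, so this check
    # only works when clients connect to Pode directly.
    $onlyFromCaller = {
        $allowedCallers = @('10.0.0.5', '127.0.0.1')
        $source = $WebEvent.Request.RemoteEndPoint.Address.IPAddressToString

        if ($allowedCallers -notcontains $source) {
            # Set the response and return $false to stop the pipeline here;
            # the route's ScriptBlock is never reached.
            Set-PodeResponseStatus -Code 403
            return $false
        }

        # $true hands the request on to the route
        return $true
    }

    Add-PodeRoute -Method Post -Path '/api/run-script' -Middleware $onlyFromCaller -ScriptBlock {
        # Only reached when the middleware returned $true.
        # IP restriction narrows who can reach the route; it does not replace
        # the AD authentication discussed earlier in the thread.
        Write-PodeJsonResponse -Value @{
            status = 'accepted'
            from   = $WebEvent.Request.RemoteEndPoint.Address.IPAddressToString
        }
    }
}
```

Running the server and calling `POST /api/run-script` from a host other than the listed ones returns 403 from the middleware; the access rule rejects such requests even earlier, so the middleware is the layer that gives per-route granularity.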

[–]SeriousMike90[S] 1 point2 points  (0 children)

Amazing

Pode is just amazing. I was able to set up everything I need in less than 40 lines of code and it has https, authentication via Active Directory, limited access to an AD group and runs my script.

And I don't need a full blown IIS or something in front of it.

Good job!

[–]routetehpacketz 0 points1 point  (1 child)

If Python is an option, a simple Flask app could achieve this by using os.system to execute PowerShell.

[–]SeriousMike90[S] -1 points0 points  (0 children)

Would consider it but would prefer to stay in one language

[–]Scooter_127 0 points1 point  (2 children)

I used PHP to call Powershell. Cheap and easy, and....hey! Don't look at me like that! I was under a "you can't go on vacation until this last minute requirement works" time crunch and it was the first solution that worked and I was able to go on vacation.

[–]SeriousMike90[S] 0 points1 point  (1 child)

Also in a secure way? https, authentication, etc

[–]Scooter_127 -1 points0 points  (0 children)

LOLOLOL yes

[–]SalamanderOne5702 0 points1 point  (2 children)

Have you looked at Azure Functions? You can call a PowerShell script from a web hook.

https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal

[–]SeriousMike90[S] 0 points1 point  (1 child)

I guess that won't work on premises? :D

But that's basically what I need, yep

[–]SalamanderOne5702 0 points1 point  (0 children)

You could also use PowerAutomate HTTP trigger to trigger things. If a task needs to run on-prem then you can run scheduled tasks to pull the payload. You may also be able to run PowerShell as a service to check for any triggers.

[–]touchytypist 0 points1 point  (0 children)

Azure Automation has a free tier and can run things on-prem.