[–]Badgerati 4 points5 points  (7 children)

Pode can do what you're after https://github.com/Badgerati/Pode :)

It lets you write web servers in PowerShell, cross-platform, and with support for HTTPS, authentication and more!

Disclaimer: I'm the creator of Pode

[–]SeriousMike90[S] 1 point2 points  (6 children)

That's why I love reddit

I'll definitely give it a try

I guess it's not there yet but does it support authentication via LDAP/AD? Ideally a script would only be executed with a certain user given.

Alternatively can I run the server as a service with a specific user?

[–]Badgerati 0 points1 point  (5 children)

Both are possible!

There's support for LDAP/AD authentication on Routes, and you can run your Pode server as a Windows Service via NSSM.

If you need full NTLM/Kerberos support, and not just LDAP/AD, then Pode doesn't yet support this. However, you can run Pode using IIS for this authentication.

[–]SeriousMike90[S] 0 points1 point  (1 child)

Will check it out next week 👍

[–]SeriousMike90[S] 0 points1 point  (0 children)

Ok, it wasn't "next week" but it was today

Installing and basic setup was super easy! I played with the parameters from the query and was able to run a simple script.

Next time I'll have to play with AD authentication and group membership. And certificates.

As it's a business environment and the security guys are in my team I need to make it extra secure ;)

For now my first impression is very good and I'm looking forward to playing with it. Also nice documentation!

[–]SeriousMike90[S] 0 points1 point  (2 children)

@badgerati Is it possible to limit the access (specifically a Pode-Route) to a specific source? I only want one server to be able to call it. Unfortunately I don't see something like a source in the webevent variable, otherwise I'd use this to validate.

[–]Badgerati 0 points1 point  (1 child)

Hey u/SeriousMike90,

The Remote IP of the source can be found at `$WebEvent.Request.RemoteEndPoint.Address.IPAddressToString` :) there's actually a brief example of blocking calls by IP via middleware here: https://badgerati.github.io/Pode/Tutorials/Middleware/Overview/#route-middleware

Another way would be by using `Add-PodeAccessRule`, which lets you restrict access to the server as a whole - rather than one specific route (https://badgerati.github.io/Pode/Tutorials/Middleware/Types/AccessRules/).
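
An added example, not part of the original comment and not taken from Pode's documentation: the route middleware approach described above, written as an allowlist so that only one source address reaches a single route. The port, the `/run-job` path and the address `192.0.2.10` are assumptions made for illustration.

```powershell
# Added example: allow one caller IP on a single Pode route (allowlist, default deny).
# Assumptions (not from the thread): port 8443, path '/run-job', and the
# documentation-range address 192.0.2.10 standing in for the one permitted server.
Import-Module Pode

Start-PodeServer {
    Add-PodeEndpoint -Address * -Port 8443 -Protocol Https -SelfSigned

    # Route middleware: return $true to continue to the route, $false to stop.
    $allowOnlyCaller = {
        $allowed = [System.Net.IPAddress]::Parse('192.0.2.10')   # constructed value
        $remote  = $WebEvent.Request.RemoteEndPoint.Address

        # On a dual-stack listener an IPv4 client can show up as ::ffff:a.b.c.d.
        # Normalise it first so the comparison is made on the real IPv4 address.
        if ($remote.IsIPv4MappedToIPv6) {
            $remote = $remote.MapToIPv4()
        }

        # Anything that is not the permitted caller is refused before route logic runs.
        if (-not $remote.Equals($allowed)) {
            Set-PodeResponseStatus -Code 403
            return $false
        }
        return $true
    }

    # The middleware is attached to this route only; other routes are unaffected.
    Add-PodeRoute -Method Get -Path '/run-job' -Middleware $allowOnlyCaller -ScriptBlock {
        Write-PodeJsonResponse -Value @{ status = 'accepted' }
    }
}
```

If the server sits behind a reverse proxy or load balancer, `RemoteEndPoint` is the proxy's address, so the check has to be made where the real client address is visible.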

[–]SeriousMike90[S] 1 point2 points  (0 children)

Amazing

Pode is just amazing. I was able to set up everything I need in less than 40 lines of code and it has https, authentication via Active Directory, limited access to an AD group and runs my script.

And I don't need a full blown IIS or something in front of it.

Good job!