arcgis-powershell-dsc icon indicating copy to clipboard operation
arcgis-powershell-dsc copied to clipboard

Published 20 hours ago verified publisher icon Esri

Get-PortalToken causes SSL validation issues for subsequent calls to Invoke-RestMethod

Open bweisberg opened this issue 5 years ago • 3 comments

I have a PowerShell script that use Invoke-RestMethod to check the state of a service. After invoking Get-PortalToken the next time I use Invoke-RestMethod with https endpoints I see errors:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.

PSInvalidOperationException: There is no Runspace available to run scripts in this thread. You can provide one in the DefaultRunspace property of the System.Management.Automation.Runspaces.Runspace type. The script block you attempted to invoke was: $true

For example, this works on a fresh machine: Invoke-RestMethod https://myportal.domain.com/portal/portaladmin/health

then I do something else that calls Get-PortalToken:

$password = ConvertTo-SecureString 'password' -AsPlainText -Force  
$credential = New-Object System.Management.Automation.PSCredential ('admin', $password)
$Referer = 'https://localhost'
$token = Get-PortalToken -PortalHostName 'myportal.domain.com' -SiteName 'portal' -Port 443 -Credential $credential -Referer $Referer

after running the above scripts, the first call fails Invoke-RestMethod https://myportal.domain.com/portal/portaladmin/health

bweisberg avatar Apr 10 '19 23:04 bweisberg

@bweisberg We set the following when we do a get portal token [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} This also affects any call you make after making Get-PortalToken As suggested in the blog post try setting the following before you make a rest call again. [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null

shailesh91 avatar Apr 10 '19 23:04 shailesh91

@bweisberg
Since u are already using the ArcGIS PowerShell Module, you can also try Invoke-ArcGISRequest commandlet and see if that works for you.

As @shailesh91 mentions, the above code will ignore certificate errors, mismatches

nshampur avatar Apr 10 '19 23:04 nshampur

@shailesh91 setting the callback to $null does indeed work. @nshampur Invoke-ArcGISRequest also works and I use it whenever I make ArcGIS REST calls. It sounds like when I need to call other REST methods with Invoke-RestMethod I need to reset the SSL validation with [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null.

Can the ArcGISUtility functions reset the validation for us? This solution allows temporarily ignoring certificate errors for individual calls

bweisberg avatar Apr 11 '19 03:04 bweisberg