search

Badgerati / Pode.Web

Web template framework for use with the Pode PowerShell web server
MIT License
194 stars 27 forks source link

No client certificate supplied - 401 #580

Open CharEmMech opened 5 months ago

CharEmMech commented 5 months ago

Question

Any clue what I'm doing wrong here? I generated a new certificate with powershell, gave it a friendlyname, and added it to localmachine\my and also added it to trusted store.

No matter what I get 401 error. Using Edge browser and have tried with powershell 5.1 and 7.4.2

`Import-Module -name pode, pode.web

Start-PodeServer -Threads 8 {

Add-PodeEndpoint -Address '192.168.0.55' -Port 443 -Protocol Https -CertificateName 'hotdog' -CertificateStoreLocation 'LocalMachine' -CertificateStoreName 'My' -AllowClientCertificate 

New-PodeAuthScheme -ClientCertificate | Add-PodeAuth -Name 'CertLogin' -Sessionless -ScriptBlock {

    param($cert, $errors)

    if ($cert.Thumbprint -eq '') {
        return @{
            User = @{
                ID ='M0R7Y302'
                Name = 'Morty'
                Type = 'Human'
            }
        }
    }

    # an invalid cert
    return @{ Message = 'Invalid certificate supplied' }
}

Add-PodeAuthMiddleware -Name 'GlobalAuthValidation' -Authentication 'CertLogin'

Use-PodeWebTemplates -Title "test" -Theme Light

Add-PodeWebPage -Name 'Test' -Icon 'Settings'  -ScriptBlock {
    New-PodeWebCard -Content @(
        New-PodeWebTable -Name 'Accounts' -CsvFilePath "C:\somedata.csv"
    )
}

}`

Badgerati commented 5 months ago

Hi @CharEmMech,

Is this line:

if ($cert.Thumbprint -eq '') {

meant to be the following instead? as the above will throw a 401 if the cert has a thumbprint

if ($cert.Thumbprint -ne '') {
CharEmMech commented 5 months ago

Thanks for the reply, I just omitted the thumbprint of the cert there. it should be -eq '12334566677788888' it does not work with a valid thumbprint in there.