6

I wan't to examine a Webpage which requires Client Side Certificate Authentication. How can i provide my Cert from the Certstore to the Webrequest: Is there a way to specify this in Credentials odr within the Proxy?

$webclient = New-Object Net.WebClient
# The next 5 lines are required if your network has a proxy server
$webclient.Credentials = [System.Net.CredentialCache]::DefaultCredentials
if($webclient.Proxy -ne $null)     {
    $webclient.Proxy.Credentials = `
            [System.Net.CredentialCache]::DefaultNetworkCredentials
}
# This is the main call
$output = $webclient.DownloadString("$URL")

PS: Maybe this helps: How can you add a Certificate to WebClient (C#)? But i don't get it.. ;-)

Community
  • 1
  • 1
icnivad
  • 2,231
  • 8
  • 29
  • 35
  • What that SO question means is that you either have to use a HttpWebRequest directly, or override WebClient so that you can add the certificate. – JasonMArcher Apr 11 '11 at 16:56

1 Answers1

10

Using the new Add-Type functionality in PowerShell v2, you can craft a custom class that you can then use to make your typical WebRequest. I have included a method on the custom class to allow you to add certificates that can be used for authentication.

PS C:\> $def = @"
public class ClientCertWebClient : System.Net.WebClient
{
    System.Net.HttpWebRequest request = null;
    System.Security.Cryptography.X509Certificates.X509CertificateCollection certificates = null;

     protected override System.Net.WebRequest GetWebRequest(System.Uri address)
     {
         request = (System.Net.HttpWebRequest)base.GetWebRequest(address);
         if (certificates != null)
         {
             request.ClientCertificates.AddRange(certificates);
         }
         return request;
     }

     public void AddCerts(System.Security.Cryptography.X509Certificates.X509Certificate[] certs)
     {
         if (certificates == null)
         {
             certificates = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
         }
         if (request != null)
         {
             request.ClientCertificates.AddRange(certs);
         }
         certificates.AddRange(certs);
     }
 }
 "@

PS C:\> Add-Type -TypeDefinition $def

You would perhaps want to limit the certificates being added to just the one (or ones) you would want to use rather than just use every available certificate in the Current User store, but here is an example that just loads all of them:

PS C:\> $wc = New-Object ClientCertWebClient
PS C:\> $certs = dir cert:\CurrentUser\My
PS C:\> $wc.AddCerts($certs)
PS C:\> $wc.DownloadString("http://stackoverflow.com")
Goyuix
  • 23,614
  • 14
  • 84
  • 128