Unable to submit credential objects as arguments

Question

Unable to submit credential objects as arguments

skille opened this issue 4 years ago · comments

Cannot serialize the credential. If this command is starting a workflow, the credentials cannot be persisted, because the process in which the workflow is started does not have permission to seri
alize credentials.
-- If the workflow was started in a PSSession to the local computer, add the EnableNetworkAccess parameter to the command that created the session.
-- If the workflow was started in a PSSession to a remote computer, add the Authentication parameter with a value of CredSSP to the command that created the session. Or, connect to a session conf
iguration that has a RunAsUser property value.
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-ScheduledTask
+ PSComputerName :

Marc R Kellerman · Answer 1 · Fri May 29 2020 06:57:12 GMT+0800 (China Standard Time)

Please provide an example of the code you are executing.

Trond Skille · Answer 2 · Fri May 29 2020 14:13:19 GMT+0800 (China Standard Time)

I tested now again, unable to provoke the error, but still, the code does not run.
Import-Module -Name Invoke-CommandAs
$Credential = Get-Credential
$Server = 'ServerName'
Invoke-CommandAs -ComputerName $Server -AsSystem -ArgumentList $Credential -ScriptBlock {
param ($Credential)
$Credential.UserName
}
The username is not returned

This also returns nothing;
Invoke-CommandAs -ComputerName $Server -AsSystem -ArgumentList $Credential -ScriptBlock {
param ($Credential)
Test-Path -Path $env:TEMP
}

Removing the argument returns True as expected.
Invoke-CommandAs -ComputerName $Server -AsSystem -ScriptBlock {
Test-Path -Path $env:TEMP
}

Looking besides this issue, I must say you have done an impressive job with this module!

Marc R Kellerman · Answer 3 · Fri May 29 2020 14:45:39 GMT+0800 (China Standard Time)

You can pass credential parameter inside this scriptblock.. too much inceptions.. lol rename it to $cred or something

Trond Skille · Answer 4 · Fri May 29 2020 14:55:07 GMT+0800 (China Standard Time)

ffs! Thanks a lot ! ;)
`Invoke-CommandAs -ComputerName $server -ArgumentList $Credential -ScriptBlock {

param($Cred)
$Cred.username
test-path $env:temp
}
`
Now returning both the username and True :)

Have a nice day :)

Trond Skille · Answer 5 · Fri May 29 2020 16:46:14 GMT+0800 (China Standard Time)

Actually, I tested wrong when I closed the case.
I forgot to add the -AsSystem switch. Adding it returns nothing.
Invoke-CommandAs -ComputerName $ServerName -ArgumentList $Credential -AsSystem -ScriptBlock {
param($Cred)
$Cred.username
test-path $env:temp
}

Trond Skille · Answer 6 · Thu Jun 04 2020 06:24:01 GMT+0800 (China Standard Time)

I worked around this problem by converting the credential objects to an base64 encoded string and back.
`
$Base64Credential = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes((@{
UserName = $Credential.UserName
Password = $Credential.GetNetworkCredential().Password
} | ConvertTo-Json)))

Invoke-CommandAs -ComputerName $ServerName -AsSystem -ArgumentList $Base64Credential -ScriptBlock {
param(
$Base64Credential
)
$Credential = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Base64Credential)) | ConvertFrom-Json
$Credential = New-Object -TypeName PScredential -ArgumentList $Credential.UserName,$(ConvertTo-SecureString -String $Credential.Password -AsPlainText -Force)

$Credential

}
`