6

I wan't to examine a Webpage which requires Client Side Certificate Authentication. How can i provide my Cert from the Certstore to the Webrequest: Is there a way to specify this in Credentials odr within the Proxy?

$webclient = New-Object Net.WebClient
# The next 5 lines are required if your network has a proxy server
$webclient.Credentials = [System.Net.CredentialCache]::DefaultCredentials
if($webclient.Proxy -ne $null)     {
    $webclient.Proxy.Credentials = `
            [System.Net.CredentialCache]::DefaultNetworkCredentials
}
# This is the main call
$output = $webclient.DownloadString("$URL")

PS: Maybe this helps: How can you add a Certificate to WebClient (C#)? But i don't get it.. ;-)

Improve this question
1
  • What that SO question means is that you either have to use a HttpWebRequest directly, or override WebClient so that you can add the certificate. Commented Apr 11, 2011 at 16:56

1 Answer 1

Reset to default
11

Using the new Add-Type functionality in PowerShell v2, you can craft a custom class that you can then use to make your typical WebRequest. I have included a method on the custom class to allow you to add certificates that can be used for authentication.

PS C:\> $def = @"
public class ClientCertWebClient : System.Net.WebClient
{
    System.Net.HttpWebRequest request = null;
    System.Security.Cryptography.X509Certificates.X509CertificateCollection certificates = null;

     protected override System.Net.WebRequest GetWebRequest(System.Uri address)
     {
         request = (System.Net.HttpWebRequest)base.GetWebRequest(address);
         if (certificates != null)
         {
             request.ClientCertificates.AddRange(certificates);
         }
         return request;
     }

     public void AddCerts(System.Security.Cryptography.X509Certificates.X509Certificate[] certs)
     {
         if (certificates == null)
         {
             certificates = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
         }
         if (request != null)
         {
             request.ClientCertificates.AddRange(certs);
         }
         certificates.AddRange(certs);
     }
 }
 "@

PS C:\> Add-Type -TypeDefinition $def

You would perhaps want to limit the certificates being added to just the one (or ones) you would want to use rather than just use every available certificate in the Current User store, but here is an example that just loads all of them:

PS C:\> $wc = New-Object ClientCertWebClient
PS C:\> $certs = dir cert:\CurrentUser\My
PS C:\> $wc.AddCerts($certs)
PS C:\> $wc.DownloadString("http://stackoverflow.com")
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.