

SharePoint 2016/2013/Online: How To Apply Password Encryption For Component As Service Using PowerShell

Recently we developed a couple of PowerShell-based components that serve as data crawlers for federated data sources such as external web services, SQL Server databases, Excel workbooks and SharePoint lists.

In order to authenticate the service accounts against all of these sources, we have no choice but to embed the user names and passwords within the PowerShell code in plain text. It gets even worse when a few of the web services support only “Basic Authentication”.

Saving passwords in plain text in code files could lead to compliance issues and could eventually get the solutions rejected.

In order to fix this issue, we have implemented a couple of mechanisms to deal with each type of authentication requirement.

In this article, we will discuss the mechanism to authenticate the requests to SharePoint Lists.

In order to simplify this demo, let’s consider a simple scenario where we have a list “MyLocations” as shown below and need to export its metadata using a PowerShell-based component.

https://howtodowithsharepoint.files.wordpress.com/2017/03/1.png?w=800

To keep the content crisp, let's walk through only the relevant section of code and skip all the CSOM-specific code, which you can find in earlier articles if you like.

We have intentionally divided this implementation into two separate code files in order to keep the passwords safe from the developers. The intent is to have the encryption file generated by the SharePoint admins and provided to the developers so that they can use it in code directly, as shown below.

In the following code snippet, you can see the commands to encrypt the password “12345678” and export it to a text file “BANSALP.txt”.

https://howtodowithsharepoint.files.wordpress.com/2017/03/2.png?w=800

The file looks as shown below:

https://howtodowithsharepoint.files.wordpress.com/2017/03/3.png?w=800

https://howtodowithsharepoint.files.wordpress.com/2017/03/4.png?w=800

This way you can store passwords for all required service accounts in different text files without violating Security Compliance.

Now, in order to pass this encrypted password to SharePoint for authentication, we can make use of the “System.Management.Automation.PSCredential” class as shown below.

Here the “Get-Content” cmdlet is used to read the content from the “BANSALP.txt” file, and the **“ConvertTo-SecureString”** cmdlet converts the encrypted password into a secure string.

https://howtodowithsharepoint.files.wordpress.com/2017/03/5.png?w=800

Once the credential object has been created, we can assign it to the SharePoint Client Context “Credentials” property.

https://howtodowithsharepoint.files.wordpress.com/2017/03/6.png?w=800

With this Client Context, SharePoint authenticates the incoming request based on the ACL of the requestor.
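
The steps above, written out as an added PowerShell example (this is not the code from the original screenshots). The account name, the file path and the CSOM lines in the closing comments are assumptions. Without `-Key`, `ConvertFrom-SecureString` protects the data with Windows DPAPI, so the file can only be decrypted by the same Windows account on the same machine that created it; the example reports that failure explicitly.

```powershell
# Added example. Account name and file path are hypothetical.
$user    = 'CONTOSO\svc-crawler'
$pwdFile = Join-Path $env:USERPROFILE 'svc-crawler.txt'

function Export-EncryptedPassword {
    # Run once by the admin, logged on as the account that will run the
    # crawler, on the machine where it will run (DPAPI binds to both).
    param([string]$Path, [string]$Account)
    # Prompting keeps the plain-text password out of the script and history.
    Read-Host -Prompt "Password for $Account" -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -Path $Path
}

function Import-StoredCredential {
    # Used by the crawler: rebuild a PSCredential from the encrypted file.
    param([string]$Path, [string]$Account)
    if (-not (Test-Path -Path $Path)) {
        throw "Password file not found: $Path"
    }
    try {
        $secure = Get-Content -Path $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        # Typical cause: file created by another account or on another machine.
        throw "Cannot decrypt '$Path' as $env:USERNAME on $env:COMPUTERNAME: $($_.Exception.Message)"
    }
    New-Object System.Management.Automation.PSCredential($Account, $secure)
}

# In practice the export is a separate admin step; it is called here only
# so that the example runs end to end.
if (-not (Test-Path -Path $pwdFile)) {
    Export-EncryptedPassword -Path $pwdFile -Account $user
}
$cred = Import-StoredCredential -Path $pwdFile -Account $user

# With the CSOM assemblies loaded and $ctx a ClientContext (assumed here):
#   On-premises:       $ctx.Credentials = $cred.GetNetworkCredential()
#   SharePoint Online: $ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($cred.UserName, $cred.Password)
```

Anyone who can run code as that account can still recover the password with `$cred.GetNetworkCredential().Password`, so restrict who can log on as the service account and set NTFS permissions on the file accordingly.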

Following is the outcome of the call that we have sent to SharePoint:

https://howtodowithsharepoint.files.wordpress.com/2017/03/7.png?w=800

We have exported the metadata to a “CSV” file as well that would look like this.

https://howtodowithsharepoint.files.wordpress.com/2017/03/8.png?w=800

Hope you find it helpful.