Call web services using Microsoft Security Tokens

This is a sample PowerShell script of how to call the SoftwareCentral web API as an Azure app.

Entra ID - Get Groups example
Copy Code
# Script example for calling the SoftwareCentral WebApi as an app.
# When calling as an app, it will be treated as an administrator in SoftwareCentral with full access to every web service and resource.

# Install the MSAL.PS Module from an administrative PowerShell session using:
# Install-Module -name MSAL.PS

# Web Service Parameters Start
[String]$strStartsWith = "[String]"
[String]$strIntuneTenantName = "Default"
# Web Service Parameters End

# Provide the URL for the SoftwareCentral web service.
$url = 'https://swc/Api/WS_AzureActiveDirectory.asmx/GetAllowedGroups'

# Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide your Intune Client Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
# Use the same app registration (ClientID) as SoftwareCentral uses. See Configuration -> Intune Configuration -> Manage Intune Tenants.
$clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide a client secret for the app. Do not store the client secret in the script in a real world scenario.
$clientSecret = "xxxxx~xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Use a certificate instead of a client secret. Remember to change the MsalParams to use the clientCertificate instead of the clientSecret.
# Note that certificates created by SoftwareCentral cannot be used for this. You must provide your own certificate.
# This example uses a certificate stored in Cert:\LocalMachine\My.
# Provide the thumbPrint for the certificate.
#$thumbPrint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
#$clientCertificate = Get-Item "Cert:\LocalMachine\My\$($thumbPrint)";

# The Msal parameters.
$MsalParams = @{
   ClientId = $clientId
   TenantId = $tenantId
   Scopes = "https://graph.microsoft.com/.default"
   ClientSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
   #ClientCertificate = $clientCertificate
}

# Get an access token.
$MsalResponse = Get-MsalToken @MsalParams
$AccessToken = $MsalResponse.AccessToken

# Create an HttpClient and add the access token to the authentication header.
$client = New-Object System.Net.Http.HttpClient
$client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken)

# Create the json body for the web service.
$body = @{
    strStartsWith = $strStartsWith
    strIntuneTenantName = $strIntuneTenantName
} | ConvertTo-Json

# Perform a POST and wait for the response
$content = [System.Net.Http.HttpRequestMessage]::new()
$content.Headers.Add('Accept','application/json')
$content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json')
$content.Method = 'POST'
$content.RequestUri = $url
$clientResultMessage = $client.SendAsync($content).
    GetAwaiter().
    GetResult()
$result =  $clientResultMessage.
    Content.
    ReadAsStringAsync().
    GetAwaiter().
    GetResult()

# Uncomment to print result as a string.
#$result | ConvertFrom-Json

# Uncomment to print the Json result to the console.
$result

 

Call hello world as an app.

Hello World
Copy Code
# Script example for calling the SoftwareCentral WebApi as an app.
# When calling as an app, it will be treated as an administrator in SoftwareCentral with full access to every web service and resource.

# Install the MSAL.PS Module from an administrative PowerShell session using:
# Install-Module -name MSAL.PS

# Provide the URL for the SoftwareCentral web service.
$url = 'https://swc/Api/WS_HelloWorld.asmx/HelloWorld'

# Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide your Intune Client Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
# Use the same app registration (ClientID) as SoftwareCentral uses. See Configuration -> Intune Configuration -> Manage Intune Tenants.
$clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide a client secret for the app. Do not store the client secret in the script in a real world scenario.
$clientSecret = "xxxxx~xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Use a certificate instead of a client secret. Remember to change the MsalParams to use the clientCertificate instead of the clientSecret.
# Note that certificates created by SoftwareCentral cannot be used for this. You must provide your own certificate.
# This example uses a certificate stored in Cert:\LocalMachine\My.
# Provide the thumbPrint for the certificate.
#$thumbPrint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
#$clientCertificate = Get-Item "Cert:\LocalMachine\My\$($thumbPrint)";

# The Msal parameters.
$MsalParams = @{
   ClientId = $clientId
   TenantId = $tenantId
   Scopes = "https://graph.microsoft.com/.default"
   ClientSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
   #ClientCertificate = $clientCertificate
}

# Get an access token.
$MsalResponse = Get-MsalToken @MsalParams
$AccessToken = $MsalResponse.AccessToken

# Create an HttpClient and add the access token to the authentication header.
$client = New-Object System.Net.Http.HttpClient
$client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken)

# Create the json body for the web service.
$body = @{
} | ConvertTo-Json

# Perform a POST and wait for the response
$content = [System.Net.Http.HttpRequestMessage]::new()
$content.Headers.Add('Accept','application/json')
$content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json')
$content.Method = 'POST'
$content.RequestUri = $url
$clientResultMessage = $client.SendAsync($content).
    GetAwaiter().
    GetResult()
$result =  $clientResultMessage.
    Content.
    ReadAsStringAsync().
    GetAwaiter().
    GetResult()

# Uncomment to print result as a string.
#$result | ConvertFrom-Json

# Uncomment to print the Json result to the console.
$result

 

Call hello world as a user.

Hello World
Copy Code
# Script example for calling the SoftwareCentral WebApi as a user.
# When calling as a user, it will only be allowed to manage resources assigned to this users security roles.
# Remember to assign the web service to users security role under "Settings / Web Services".

# Install the MSAL.PS Module from an administrative PowerShell session using:
# Install-Module -name MSAL.PS

# Specify user credentials. Do not store the password in the script in a real world scenario. You can eg. use Azure Key Vault.
$username = "username@domain.onmicrosoft.com"
$password = "password"

# Provide the URL for the SoftwareCentral web service.
$url = 'https://swc/Api/WS_HelloWorld.asmx/HelloWorld'

# Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# By default, use the Microsoft Graph PowerShell app id "14d82eec-204b-4c2f-b7e8-296a70dab67e". If needed, you can use your own Azure AD App Id.
$clientId = "14d82eec-204b-4c2f-b7e8-296a70dab67e"

$securePwd = ConvertTo-SecureString $password -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ($username, $securePwd)

$MsalParams = @{
   ClientId = $clientId
   TenantId = $tenantId
   Scopes   = 'openid','profile'
   UserCredential = $Cred
}

$MsalResponse = Get-MsalToken @MsalParams -UserCredential $Cred
$AccessToken = $MsalResponse.AccessToken

# Create an HttpClient.
$client = New-Object System.Net.Http.HttpClient
$client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken)

# Perform a POST
$body = @{
} | ConvertTo-Json
$content = [System.Net.Http.HttpRequestMessage]::new()
$content.Headers.Add('Accept','application/json')
$content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json')
$content.Method = 'POST'
$content.RequestUri = $url
$clientResultMessage = $client.SendAsync($content).
    GetAwaiter().
    GetResult()
$result =  $clientResultMessage.
    Content.
    ReadAsStringAsync().
    GetAwaiter().
    GetResult()

# Uncomment to print result as a string.
#$result | ConvertFrom-Json

# Print the Json result to the console.
$result

 

 

 

 


© Copyright - SoftwareCentral

https://softwarecentral.cloud/help