Call web services using Microsoft Security Tokens

This is a sample PowerShell script of how to call the SoftwareCentral web API as an Azure app.

Entra ID - Get Groups example	Copy Code
# Script example for calling the SoftwareCentral WebApi as an app. # When calling as an app, it will be treated as an administrator in SoftwareCentral with full access to every web service and resource. # Install the MSAL.PS Module from an administrative PowerShell session using: # Install-Module -name MSAL.PS # Web Service Parameters Start [String]$strStartsWith = "[String]" [String]$strIntuneTenantName = "Default" # Web Service Parameters End # Provide the URL for the SoftwareCentral web service. $url = 'https://swc/Api/WS_AzureActiveDirectory.asmx/GetAllowedGroups' # Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". $tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Provide your Intune Client Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". # Use the same app registration (ClientID) as SoftwareCentral uses. See Configuration -> Intune Configuration -> Manage Intune Tenants. $clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Provide a client secret for the app. Do not store the client secret in the script in a real world scenario. $clientSecret = "xxxxx~xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Use a certificate instead of a client secret. Remember to change the MsalParams to use the clientCertificate instead of the clientSecret. # Note that certificates created by SoftwareCentral cannot be used for this. You must provide your own certificate. # This example uses a certificate stored in Cert:\LocalMachine\My. # Provide the thumbPrint for the certificate. #$thumbPrint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" #$clientCertificate = Get-Item "Cert:\LocalMachine\My\$($thumbPrint)"; # The Msal parameters. $MsalParams = @{ ClientId = $clientId TenantId = $tenantId Scopes = "https://graph.microsoft.com/.default" ClientSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force #ClientCertificate = $clientCertificate } # Get an access token. $MsalResponse = Get-MsalToken @MsalParams $AccessToken = $MsalResponse.AccessToken # Create an HttpClient and add the access token to the authentication header. $client = New-Object System.Net.Http.HttpClient $client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken) # Create the json body for the web service. $body = @{ strStartsWith = $strStartsWith strIntuneTenantName = $strIntuneTenantName } \| ConvertTo-Json # Perform a POST and wait for the response $content = [System.Net.Http.HttpRequestMessage]::new() $content.Headers.Add('Accept','application/json') $content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json') $content.Method = 'POST' $content.RequestUri = $url $clientResultMessage = $client.SendAsync($content). GetAwaiter(). GetResult() $result = $clientResultMessage. Content. ReadAsStringAsync(). GetAwaiter(). GetResult() # Uncomment to print result as a string. #$result \| ConvertFrom-Json # Uncomment to print the Json result to the console. $result

Entra ID - Get Groups example

Copy Code

# Script example for calling the SoftwareCentral WebApi as an app.
# When calling as an app, it will be treated as an administrator in SoftwareCentral with full access to every web service and resource.

# Install the MSAL.PS Module from an administrative PowerShell session using:
# Install-Module -name MSAL.PS

# Web Service Parameters Start
[String]$strStartsWith = "[String]"
[String]$strIntuneTenantName = "Default"
# Web Service Parameters End

# Provide the URL for the SoftwareCentral web service.
$url = 'https://swc/Api/WS_AzureActiveDirectory.asmx/GetAllowedGroups'

# Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide your Intune Client Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
# Use the same app registration (ClientID) as SoftwareCentral uses. See Configuration -> Intune Configuration -> Manage Intune Tenants.
$clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide a client secret for the app. Do not store the client secret in the script in a real world scenario.
$clientSecret = "xxxxx~xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Use a certificate instead of a client secret. Remember to change the MsalParams to use the clientCertificate instead of the clientSecret.
# Note that certificates created by SoftwareCentral cannot be used for this. You must provide your own certificate.
# This example uses a certificate stored in Cert:\LocalMachine\My.
# Provide the thumbPrint for the certificate.
#$thumbPrint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
#$clientCertificate = Get-Item "Cert:\LocalMachine\My\$($thumbPrint)";

# The Msal parameters.
$MsalParams = @{
   ClientId = $clientId
   TenantId = $tenantId
   Scopes = "https://graph.microsoft.com/.default"
   ClientSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
   #ClientCertificate = $clientCertificate
}

# Get an access token.
$MsalResponse = Get-MsalToken @MsalParams
$AccessToken = $MsalResponse.AccessToken

# Create an HttpClient and add the access token to the authentication header.
$client = New-Object System.Net.Http.HttpClient
$client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken)

# Create the json body for the web service.
$body = @{
    strStartsWith = $strStartsWith
    strIntuneTenantName = $strIntuneTenantName
} | ConvertTo-Json

# Perform a POST and wait for the response
$content = [System.Net.Http.HttpRequestMessage]::new()
$content.Headers.Add('Accept','application/json')
$content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json')
$content.Method = 'POST'
$content.RequestUri = $url
$clientResultMessage = $client.SendAsync($content).
    GetAwaiter().
    GetResult()
$result =  $clientResultMessage.
    Content.
    ReadAsStringAsync().
    GetAwaiter().
    GetResult()

# Uncomment to print result as a string.
#$result | ConvertFrom-Json

# Uncomment to print the Json result to the console.
$result

Call hello world as an app.

Hello World	Copy Code
# Script example for calling the SoftwareCentral WebApi as an app. # When calling as an app, it will be treated as an administrator in SoftwareCentral with full access to every web service and resource. # Install the MSAL.PS Module from an administrative PowerShell session using: # Install-Module -name MSAL.PS # Provide the URL for the SoftwareCentral web service. $url = 'https://swc/Api/WS_HelloWorld.asmx/HelloWorld' # Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". $tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Provide your Intune Client Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". # Use the same app registration (ClientID) as SoftwareCentral uses. See Configuration -> Intune Configuration -> Manage Intune Tenants. $clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Provide a client secret for the app. Do not store the client secret in the script in a real world scenario. $clientSecret = "xxxxx~xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Use a certificate instead of a client secret. Remember to change the MsalParams to use the clientCertificate instead of the clientSecret. # Note that certificates created by SoftwareCentral cannot be used for this. You must provide your own certificate. # This example uses a certificate stored in Cert:\LocalMachine\My. # Provide the thumbPrint for the certificate. #$thumbPrint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" #$clientCertificate = Get-Item "Cert:\LocalMachine\My\$($thumbPrint)"; # The Msal parameters. $MsalParams = @{ ClientId = $clientId TenantId = $tenantId Scopes = "https://graph.microsoft.com/.default" ClientSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force #ClientCertificate = $clientCertificate } # Get an access token. $MsalResponse = Get-MsalToken @MsalParams $AccessToken = $MsalResponse.AccessToken # Create an HttpClient and add the access token to the authentication header. $client = New-Object System.Net.Http.HttpClient $client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken) # Create the json body for the web service. $body = @{ } \| ConvertTo-Json # Perform a POST and wait for the response $content = [System.Net.Http.HttpRequestMessage]::new() $content.Headers.Add('Accept','application/json') $content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json') $content.Method = 'POST' $content.RequestUri = $url $clientResultMessage = $client.SendAsync($content). GetAwaiter(). GetResult() $result = $clientResultMessage. Content. ReadAsStringAsync(). GetAwaiter(). GetResult() # Uncomment to print result as a string. #$result \| ConvertFrom-Json # Uncomment to print the Json result to the console. $result

Hello World

Copy Code

# Script example for calling the SoftwareCentral WebApi as an app.
# When calling as an app, it will be treated as an administrator in SoftwareCentral with full access to every web service and resource.

# Install the MSAL.PS Module from an administrative PowerShell session using:
# Install-Module -name MSAL.PS

# Provide the URL for the SoftwareCentral web service.
$url = 'https://swc/Api/WS_HelloWorld.asmx/HelloWorld'

# Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide your Intune Client Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
# Use the same app registration (ClientID) as SoftwareCentral uses. See Configuration -> Intune Configuration -> Manage Intune Tenants.
$clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# Provide a client secret for the app. Do not store the client secret in the script in a real world scenario.
$clientSecret = "xxxxx~xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Use a certificate instead of a client secret. Remember to change the MsalParams to use the clientCertificate instead of the clientSecret.
# Note that certificates created by SoftwareCentral cannot be used for this. You must provide your own certificate.
# This example uses a certificate stored in Cert:\LocalMachine\My.
# Provide the thumbPrint for the certificate.
#$thumbPrint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
#$clientCertificate = Get-Item "Cert:\LocalMachine\My\$($thumbPrint)";

# The Msal parameters.
$MsalParams = @{
   ClientId = $clientId
   TenantId = $tenantId
   Scopes = "https://graph.microsoft.com/.default"
   ClientSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
   #ClientCertificate = $clientCertificate
}

# Get an access token.
$MsalResponse = Get-MsalToken @MsalParams
$AccessToken = $MsalResponse.AccessToken

# Create an HttpClient and add the access token to the authentication header.
$client = New-Object System.Net.Http.HttpClient
$client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken)

# Create the json body for the web service.
$body = @{
} | ConvertTo-Json

# Perform a POST and wait for the response
$content = [System.Net.Http.HttpRequestMessage]::new()
$content.Headers.Add('Accept','application/json')
$content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json')
$content.Method = 'POST'
$content.RequestUri = $url
$clientResultMessage = $client.SendAsync($content).
    GetAwaiter().
    GetResult()
$result =  $clientResultMessage.
    Content.
    ReadAsStringAsync().
    GetAwaiter().
    GetResult()

# Uncomment to print result as a string.
#$result | ConvertFrom-Json

# Uncomment to print the Json result to the console.
$result

Call hello world as a user.

Hello World	Copy Code
# Script example for calling the SoftwareCentral WebApi as a user. # When calling as a user, it will only be allowed to manage resources assigned to this users security roles. # Remember to assign the web service to users security role under "Settings / Web Services". # Install the MSAL.PS Module from an administrative PowerShell session using: # Install-Module -name MSAL.PS # Specify user credentials. Do not store the password in the script in a real world scenario. You can eg. use Azure Key Vault. $username = "username@domain.onmicrosoft.com" $password = "password" # Provide the URL for the SoftwareCentral web service. $url = 'https://swc/Api/WS_HelloWorld.asmx/HelloWorld' # Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". $tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # By default, use the Microsoft Graph PowerShell app id "14d82eec-204b-4c2f-b7e8-296a70dab67e". If needed, you can use your own Azure AD App Id. $clientId = "14d82eec-204b-4c2f-b7e8-296a70dab67e" $securePwd = ConvertTo-SecureString $password -AsPlainText -Force $Cred = New-Object System.Management.Automation.PSCredential ($username, $securePwd) $MsalParams = @{ ClientId = $clientId TenantId = $tenantId Scopes = 'openid','profile' UserCredential = $Cred } $MsalResponse = Get-MsalToken @MsalParams -UserCredential $Cred $AccessToken = $MsalResponse.AccessToken # Create an HttpClient. $client = New-Object System.Net.Http.HttpClient $client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken) # Perform a POST $body = @{ } \| ConvertTo-Json $content = [System.Net.Http.HttpRequestMessage]::new() $content.Headers.Add('Accept','application/json') $content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json') $content.Method = 'POST' $content.RequestUri = $url $clientResultMessage = $client.SendAsync($content). GetAwaiter(). GetResult() $result = $clientResultMessage. Content. ReadAsStringAsync(). GetAwaiter(). GetResult() # Uncomment to print result as a string. #$result \| ConvertFrom-Json # Print the Json result to the console. $result

Hello World

Copy Code

# Script example for calling the SoftwareCentral WebApi as a user.
# When calling as a user, it will only be allowed to manage resources assigned to this users security roles.
# Remember to assign the web service to users security role under "Settings / Web Services".

# Install the MSAL.PS Module from an administrative PowerShell session using:
# Install-Module -name MSAL.PS

# Specify user credentials. Do not store the password in the script in a real world scenario. You can eg. use Azure Key Vault.
$username = "username@domain.onmicrosoft.com"
$password = "password"

# Provide the URL for the SoftwareCentral web service.
$url = 'https://swc/Api/WS_HelloWorld.asmx/HelloWorld'

# Provide your Intune Tenant Id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# By default, use the Microsoft Graph PowerShell app id "14d82eec-204b-4c2f-b7e8-296a70dab67e". If needed, you can use your own Azure AD App Id.
$clientId = "14d82eec-204b-4c2f-b7e8-296a70dab67e"

$securePwd = ConvertTo-SecureString $password -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ($username, $securePwd)

$MsalParams = @{
   ClientId = $clientId
   TenantId = $tenantId
   Scopes   = 'openid','profile'
   UserCredential = $Cred
}

$MsalResponse = Get-MsalToken @MsalParams -UserCredential $Cred
$AccessToken = $MsalResponse.AccessToken

# Create an HttpClient.
$client = New-Object System.Net.Http.HttpClient
$client.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue('Bearer', $AccessToken)

# Perform a POST
$body = @{
} | ConvertTo-Json
$content = [System.Net.Http.HttpRequestMessage]::new()
$content.Headers.Add('Accept','application/json')
$content.Content = [System.Net.Http.StringContent]::new($body, [System.Text.Encoding]::UTF8,'application/json')
$content.Method = 'POST'
$content.RequestUri = $url
$clientResultMessage = $client.SendAsync($content).
    GetAwaiter().
    GetResult()
$result =  $clientResultMessage.
    Content.
    ReadAsStringAsync().
    GetAwaiter().
    GetResult()

# Uncomment to print result as a string.
#$result | ConvertFrom-Json

# Print the Json result to the console.
$result