Using Webservices with IWA via Perl
Overview
You can enable webservices at Admin > Configuration on the General tab. Checking the Enable Webservices check box makes the ASP.NET SOAP and REST webservices built into Secret Server available for use. Additional steps are needed in IIS to ensure proper access.
Procedure
To enable IWA for webservices in IIS:
-
Open IIS Manager (
inetmgr). -
Expand the Sites node until you locate your Secret Server application or website
-
Expand the Secret Server node to locate the winauthwebservices folder.
-
Click on the winauthwebservices folder.
-
Click on authentication in the Security section.
-
Disable Anonymous Authentication.
-
Enable Windows Authentication.
If you are using IIS7 or greater and do not see this option, the option will need to be added through the server roles (webserver). IIS may give an alert about using both challenge and redirect-based authentication, which you can ignore.) -
Open Windows Explorer.
-
Navigate to the winauthwebservices folder.
-
Give read access to the winauthwebservices folder to the domain users and groups that will be using IWA to access the webservices.
Example
Overview
The SOAP web service URL for IWA is <Secret Server URL>/winauthwebservices/sswinauthwebservice.asmx.
The method below uses the SecretServerGetSecret.ps1 PowerShell script to make the SecretGet WebService call, exposing it through the SecretServer.pm Perl package. The Sample.pl file uses the SecretServer.pm package to retrieve specific fields from the result.
The flow is as follows:
-
Your Perl script (
sample.pl) makes a request to theSecretServer.pmpackage. -
The
SecretServer.pmpackage passes the request on to theSecretServerGetSecret.ps1PowerShell script. -
The
SecretServerGetSecret.ps1PowerShell script calls the Secret Server web services and authenticates using the service account thatsample.plis running under. -
The results are passed back to
SecretServer.pmand then on to your Perl script (Sample.pl) -
Create the following three files:
SecretServerGetSecret.ps1
# Sample Powershell Script
# demonstrating retrieval of a Secret from Secret Server
# via web service protected by Windows Authentication
# returned as Xml
$where = $args[0]
$secretId = $args[1]
$ws = New-WebServiceProxy -uri $where -UseDefaultCredential
$wsResult = $ws.GetSecret($secretId)
$res = convertto-xml $wsResult.Secret -As string -Depth 20
$res
SecretServer.pm
package SecretServer;
use strict;
sub usage {
print "\nUsage: GetSecret [webservice url] [secretid]\n";
}
sub new {
my($class, %args) = @_;
my $self = bless({}, $class);
return($self);
}
sub get_secret {
my($self, $url, $secretid) = @_;
my $result = powershell.exe .\\SecretServerGetSecret.ps1 $url $secretid;
return($result);
}
sub get_field_from_result {
my($self, $result, $field) = @_;
$result =~/<Property Name="Value" Type="System.String">([^<>]+)<\/Property>(?:\s*<Property Name="(?!FieldName)[^"]+"[^>]+>[^<]+<\/Property>\s*)*<Property Name="FieldName"[^<>]+>$field<\/Property>/gsi;
return("$1");
}
1;
# this is if you want to execute the Get Secret call manually from the command line
# if (@ARGV != 2)
# {
# usage(); # Call subroutine usage()
# exit(); # When usage() has completed execution,
# # exit the program.
# }
# my $url = $ARGV[0];
# my $secretid = $ARGV[1];
# my $result = powershell.exe .\\SecretServerGetSecret.ps1 $url $secretid;
# print $result;
Sample.pl
use lib 'C:/<Path to the SecretServer.pm file>';
use SecretServer;
my $x = SecretServer->new();
# Change this value to match your URL
my $url = '<Secret Server Url>/winauthwebservices/sswinauthwebservice.asmx';
# Change this value to match your desired Secret Id
my $secretid = 17;
my $result = $x->get_secret($url, $secretid);
my $username = $x->get_field_from_result($result, 'UserName');
my $password = $x->get_field_from_result($result, 'Password');
print "$username : $password";
