2022-03-30 05:27 PM - edited 2022-03-30 05:31 PM
I am creating my first Web Service API. I started out by taking one of the standard scripts for obtaining a session token and creating a PowerShell script:
When I execute this script instead of getting a session token I get:
If I look at the IIS Logs I see an entry
The timestamp matches up to the time of when I executed the PS Script. I am thinking that this is an IIS issue. Any hint of where I should start looking to get past this message?
Thanks,
2022-03-31 05:19 PM - edited 2022-03-31 05:20 PM
In the past, I've seen issues using your code sample when PowerShell tries connecting to a remote Archer web server or AWS instance via a custom port like https://localhost:50004/RSAarcher. I think a workaround I used may apply in your situation based on the tests done above. Please try the following code.
$apiUrl = $base_Url + "/ws/general.asmx?wsdl"
$ws = New-WebServiceProxy -Uri $apiUrl              # build the proxy types from the WSDL
$autoGenNamespace = $ws.GetType().Namespace + '.General'
$req = New-Object ($autoGenNamespace)               # new instance of the generated General class
$req.Url = $apiUrl
$req.AllowAutoRedirect = $true                      # follow HTTP redirects
$req.Timeout = 60000                                # milliseconds
if ($userDomain -eq "") {
    $SessionToken = $req.CreateUserSessionFromInstance($username, $instanceName, $password)
}
else {
    $SessionToken = $req.CreateDomainUserSessionFromInstance($username, $instanceName, $password, $userDomain)
}
Write-Host "Session Token : $SessionToken" -ForegroundColor Yellow
2022-03-31 08:28 AM
@DavidEllis1 sounds like PowerShell isn't asking for the wsdl or something on IIS is blocking it.
What do you get if you go to https://[domain]//ws/general.asmx?wsdl from your browser?
Advisory Consultant
2022-03-31 11:34 AM
David,
Thanks for responding. When I try the URL that you suggested I get:
Our IIS settings have been hardened. We are also using SAML2 for SSO login but do allow manual login.
2022-03-31 11:36 AM - edited 2022-03-31 11:36 AM
@DavidEllis1, based on your PowerShell script, you're missing \RSAArcher in the URL.
https://[domain]/RSAArcher/ws/general.asmx?wsdl
Advisory Consultant
2022-03-31 12:36 PM
David,
The script does have /RSAarcher in the URL as seen below. This is then concatenated in the script to $api_url = $base_url + "/ws/general.asmx" to be the full URL.
If I try the URL again from the browser on the server, I get
If I choose CreateUserSessionFromInstance, I get this.
If I fill in the blanks I get a session ID:
I think the script is duplicating what is on the browser screen. I am executing the PS script from the same computer that I am manually connecting to from the browser. Not sure why the script is not giving me the same result as doing it manually.
Thanks,
2022-03-31 01:11 PM - edited 2022-03-31 01:12 PM
@DavidEllis1, I'm more curious if you get the WSDL via https://[domain]/RSAArcher/ws/general.asmx?wsdl
Advisory Consultant
2022-03-31 04:05 PM
If I try https://xxxxxxx.gsa.gov/RSAArcher/ws/general.asmx?wsdl
I get this:
Is this what you are referring to?
2022-03-31 04:16 PM
Yes, thanks. So, IIS isn't doing anything to block the request, and going through the web service on the server shows Archer isn't having any problems. Something, though, is blocking the script from getting that information.
Advisory Consultant
2022-03-31 04:34 PM
Thanks for that confirmation. I was worried that some IIS Hardening setting that we applied might be the culprit. Where do you suggest I look next or should I open a case for this?
2022-03-31 04:50 PM - edited 2022-03-31 04:50 PM
I don't know if support can help being it's not an IIS or Archer issue. Is it possible that where you're running the PowerShell script is locked down to prevent web calls?
@JeffLetterman do you know why a PowerShell script would throw this error?
Advisory Consultant
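One way to check, from the same PowerShell session that runs the script, whether the WSDL request that works in the browser also gets through from script. This is an added example, not code posted by anyone in the thread; the function name Test-WsdlFetch and the host in $baseUrl are placeholders, and it assumes Windows PowerShell (where New-WebServiceProxy is available).

```powershell
# Added diagnostic example (not from the thread). $baseUrl is a placeholder.
$baseUrl = 'https://archer.example.test/RSAArcher'
$wsdlUrl = $baseUrl.TrimEnd('/') + '/ws/general.asmx?wsdl'

function Test-WsdlFetch {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Url)

    $r = [ordered]@{
        Url           = $Url
        TlsProtocols  = [Net.ServicePointManager]::SecurityProtocol  # what this session offers
        ProxyUsed     = $null
        Status        = $null
        Location      = $null
        ContentType   = $null
        LooksLikeWsdl = $false
        Error         = $null
    }
    $req = [Net.HttpWebRequest][Net.WebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false    # surface redirects (e.g. to a login page) instead of following them
    $req.Timeout = 60000               # milliseconds
    if ($req.Proxy -and -not $req.Proxy.IsBypassed($req.RequestUri)) {
        $r.ProxyUsed = $req.Proxy.GetProxy($req.RequestUri).AbsoluteUri
    }
    try {
        $resp = $req.GetResponse()
        try {
            $r.Status      = [int]$resp.StatusCode
            $r.Location    = $resp.Headers['Location']
            $r.ContentType = $resp.ContentType
            $reader = New-Object IO.StreamReader($resp.GetResponseStream())
            $r.LooksLikeWsdl = $reader.ReadToEnd() -match '<(\w+:)?definitions\b'
        } finally { $resp.Close() }
    } catch {
        # PowerShell wraps .NET exceptions; walk down to the WebException if there is one
        $ex = $_.Exception
        while ($ex -and $ex -isnot [Net.WebException]) { $ex = $ex.InnerException }
        if ($ex) {
            $r.Error = "$($ex.Status): $($ex.Message)"   # e.g. TrustFailure, SecureChannelFailure
            if ($ex.Response) { $r.Status = [int]$ex.Response.StatusCode }
        } else { $r.Error = $_.Exception.Message }
    }
    [pscustomobject]$r
}

Test-WsdlFetch -Url $wsdlUrl | Format-List
```

Compare the output with the IIS log entry for the same timestamp: a 3xx status with a Location header means the request was redirected before reaching the service, and an Error with no Status means the request failed before any HTTP response came back.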