7

I have an asp.net mvc application, which allows to upload company structure using CSV file. I was asked about possibility to automate this function using powershell script.Creating CSV in powershell is easy, but I do not have an idea how upload to asp.net.

My first choice was to use WebClient, but I have problem with authentication - in mvc we are using forms authentication.I read here that it is possible, but if my login form changes I will have to send updated script to client. I would like to omit mange code on client side.

The second option is to crate separate controller and use in it authorization token, but I look like "inventing a wheel again", because I would need to write all code responsible for authentication.

Can I improve one of above options? Or maybe there is a better choice?

Improve this question
2
  • Do you need to know which person in a company uploaded a file? If not, why not just create a https web api and use a simple "apikey". Provide each company with a script that has their "apikey" and the rest api link, and you're set to go. Commented Apr 16, 2013 at 20:23
  • For security reasons I think yes. I was thinking about api key for everyone, but I am not sure if it is a good idea Commented Apr 17, 2013 at 3:24

3 Answers 3

Reset to default
1

You might be able to use the existing web service using the Invoke-RestMethod cmdlet, but it could take two separate invokes. For both invocations you'll probably need to say -Method Post. Its possible to do all this with WebClient, but the cmdlet may be easier to describe. I haven't actually tried this, but it could look something like this:

Invoke-RestMethod -Method Post $loginPage -SessionVariable webSession -Body "..."
Invoke-RestMethod -Method Post $uploadPage -WebSession $webSession -Body "..."

For the first invocation, you specify the URL of the login page, and would simulate a web forms login by providing a username and password in the -Body parmeter, and use -SessionVariable to capture and store context for making the next request(s) authenticated.

In the second request, you use your data upload URL, the -WebSession parameter to supply the context established by the first request, and -Body to upload your CSV. Note that you need the dollar sign on the webSession variable in the second one, but not the first.

Of course, you'll need to store the username/password for the automation to use somewhere, but that's always needed for unattended automation. A possible slick approach to mitigate this would be to use client certificate-based credentials rather than a web form authentication.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I will try this solution. +1 for idea
0

How about using a side channel?

There are two approaches. You either send it to the customer's web server every now and then, or the web server downloads the data from you.

For sending data, FTP over SSL should be secure enough. Here is an example about how to command FTP with Powershell. FTP/SSL is easy enough to configure for IIS.

For receiving data, just publish the CSV on your own web site. Set up a script on the customer's web server that downloads CSV every now and then. If the CSV should not be accessible to anyone but the customer, require a client certificate.

Improve this answer

3 Comments

But I need this other-way. Client generates CSV with company structure and upload it to my server.
Huh? Just reverse the roles?
How can I discover that company uploaded file to FTP? Morover i will have to create certificate for every company, create folder per company, etc. It is difficult to manage.
0

I would probably do it like this:

  • Step 1: Create an https webpage on the asp.net server to receive the csv
  • Step 2: Create a powershell script that calls curl with the -F option to post a file to it and append any metadata you need on the call
  • Step 3: Upon receiving the file, store it using the metadata provided in the form and append clientid/date/etc to the file
Improve this answer

2 Comments

The problem is with authentication. Https is only protocol
My bad I didn't read it through, guess you can always call wget or something to submit to the login form and store the cookie so you can later append on the request, if you want a volatile var name on the client download a configuration file beforehand.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.