Basic forms authentication
In this lecture, we'll look at how to configure forms authentication. First, I'll talk about how to securely store credentials and check them within the forms authentication script. Next, we'll look at how to assign custom claims to a user during login. Finally, we'll map a built-in PSU role to the custom claim.
Compare-SecureString
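param(
    [PSCredential]$Credential
)

# Compares two SecureString values byte by byte in unmanaged memory,
# without converting either one to a managed (plain-text) string.
function Compare-SecureString {
    param(
        [Security.SecureString] $secureString1,
        [Security.SecureString] $secureString2
    )
    # Initialise both pointers so the finally block is safe if a conversion throws.
    $bstr1 = [IntPtr]::Zero
    $bstr2 = [IntPtr]::Zero
    try {
        $bstr1 = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString1)
        $bstr2 = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString2)
        # A BSTR stores its length in bytes in the 4 bytes before the pointer.
        $length1 = [Runtime.InteropServices.Marshal]::ReadInt32($bstr1, -4)
        $length2 = [Runtime.InteropServices.Marshal]::ReadInt32($bstr2, -4)
        if ( $length1 -ne $length2 ) {
            return $false
        }
        for ( $i = 0; $i -lt $length1; ++$i ) {
            $b1 = [Runtime.InteropServices.Marshal]::ReadByte($bstr1, $i)
            $b2 = [Runtime.InteropServices.Marshal]::ReadByte($bstr2, $i)
            if ( $b1 -ne $b2 ) {
                return $false
            }
        }
        return $true
    }
    finally {
        # Zero and free the unmanaged copies so the plain text does not linger in memory.
        if ( $bstr1 -ne [IntPtr]::Zero ) {
            [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr1)
        }
        if ( $bstr2 -ne [IntPtr]::Zero ) {
            [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr2)
        }
    }
}

# $AdminAccount is not defined in this script; it is assumed to be a PSCredential
# that is already available to the script (for example, a stored secret variable).
if ($Credential.UserName -eq $AdminAccount.UserName -and (Compare-SecureString -secureString1 $Credential.Password -secureString2 $AdminAccount.Password)) {
    # Successful login: attach the custom 'Role' claim that a role can later be mapped to.
    New-PSUAuthenticationResult -Success -UserName 'Admin' -Claims {
        New-PSUAuthorizationClaim -Type 'Role' -Value 'MyRole'
    }
}
else {
    # The same message is returned whether the username or the password was wrong.
    New-PSUAuthenticationResult -ErrorMessage 'Bad username or password'
}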
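Compare-SecureString above returns as soon as the lengths or a byte differ, so the amount of work it does depends on how much of the submitted password matches. The following variant is an added example, not code from the lecture: it records differences and decides only after the loop. The function name, parameter names and sample passwords are made up for illustration.

```powershell
# Added example: a fixed-work variant of the lecture's Compare-SecureString.
# Function and parameter names are hypothetical.
function Compare-SecureStringFixedWork {
    param(
        [Security.SecureString] $Reference,   # stored secret
        [Security.SecureString] $Candidate    # value submitted at login
    )
    $marshal  = [Runtime.InteropServices.Marshal]
    $bstrRef  = [IntPtr]::Zero
    $bstrCand = [IntPtr]::Zero
    try {
        $bstrRef  = $marshal::SecureStringToBSTR($Reference)
        $bstrCand = $marshal::SecureStringToBSTR($Candidate)
        # A BSTR stores its length in bytes in the 4 bytes before the pointer.
        $lenRef  = $marshal::ReadInt32($bstrRef, -4)
        $lenCand = $marshal::ReadInt32($bstrCand, -4)

        # A length mismatch is recorded here instead of being returned immediately.
        $diff = $lenRef -bxor $lenCand
        # Loop over the submitted value, so the iteration count follows the
        # input length and not the length of the stored secret.
        for ($i = 0; $i -lt $lenCand; ++$i) {
            $c = $marshal::ReadByte($bstrCand, $i)
            # Wrap the index so every read stays inside the reference buffer.
            $r = if ($lenRef -gt 0) { $marshal::ReadByte($bstrRef, $i % $lenRef) } else { 0 }
            $diff = $diff -bor ($c -bxor $r)
        }
        return ($diff -eq 0)
    }
    finally {
        # Zero and free the unmanaged copies, as the original function does.
        if ($bstrRef  -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstrRef) }
        if ($bstrCand -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstrCand) }
    }
}

# Constructed sample values, for demonstration only.
$stored = ConvertTo-SecureString 'Correct-Horse-1' -AsPlainText -Force
$same   = ConvertTo-SecureString 'Correct-Horse-1' -AsPlainText -Force
$near   = ConvertTo-SecureString 'Correct-Horse-2' -AsPlainText -Force
$short  = ConvertTo-SecureString 'Correct' -AsPlainText -Force

# Equal value, last character differs, shorter prefix of the stored value.
Compare-SecureStringFixedWork -Reference $stored -Candidate $same
Compare-SecureStringFixedWork -Reference $stored -Candidate $near
Compare-SecureStringFixedWork -Reference $stored -Candidate $short
```

PowerShell gives no hard timing guarantees, so this removes the early exit rather than promising constant time; limiting repeated failed logins remains a separate control.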