src/Administration/Connect-XrmAdmin.ps1
|
. "$PsScriptRoot\..\_Internals\CryptoManager.ps1" <# .SYNOPSIS Use Add-PowerAppsAccount cmdlet signs in the user or application account and saves the sign in information to cache. .DESCRIPTION Use this command to embed Power Apps Admin cmdlets .PARAMETER UserName User login .PARAMETER Password User password .PARAMETER TenantId AAD tenant ID (use with Client ID / secret) .PARAMETER TenantId AAD tenant ID (use with ApplicationId / ClientSecret) .PARAMETER ApplicationId AAD Application ID .PARAMETER ClientSecret AAD Application secret .PARAMETER CertificateThumbprint AAD Application Certificate Thumbprint .PARAMETER IsEncrypted Specify if password or secret are encrypted. #> function Connect-XrmAdmin { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [String] $UserName, [Parameter(Mandatory = $false)] [String] $Password, [Parameter(Mandatory = $false)] [String] $TenantId, [Parameter(Mandatory = $false)] [String] $ApplicationId, [Parameter(Mandatory = $false)] [String] $ClientSecret, [Parameter(Mandatory = $false)] [String] $CertificateThumbprint, [Parameter(Mandatory = $false)] [bool] $IsEncrypted = $false ) begin { $StopWatch = [System.Diagnostics.Stopwatch]::StartNew(); Trace-XrmFunction -Name $MyInvocation.MyCommand.Name -Stage Start -Parameters ($MyInvocation.MyCommand.Parameters); } process { if($Global:XrmContext -and $Global:XrmContext.CurrentConnection){ $xrmConnection = $Global:XrmContext.CurrentConnection; } if ($PSBoundParameters.ContainsKey('UserName')) { $xrmConnection = New-XrmConnection; $xrmConnection.AuthType = "Office365"; $xrmConnection.UserName = $UserName; if($IsEncrypted){ $xrmConnection.Password = Unprotect-XrmToolBoxPassword -EncryptedPassword $Password; } else{ $xrmConnection.Password = $Password; } $xrmConnection.Credentials = $credentials; } elseif ($PSBoundParameters.ContainsKey('ClientSecret')) { $xrmConnection = New-XrmConnection; $xrmConnection.AuthType = "ClientSecret"; $xrmConnection.TenantId = $TenantId; $xrmConnection.ApplicationId = $ApplicationId; if($IsEncrypted){ $xrmConnection.ClientSecret = Unprotect-XrmToolBoxPassword -EncryptedPassword $ClientSecret; } else{ $xrmConnection.ClientSecret = $ClientSecret; } } elseif ($PSBoundParameters.ContainsKey('CertificateThumbprint')) { $xrmConnection = New-XrmConnection; $xrmConnection.AuthType = "Certificate"; $xrmConnection.TenantId = $TenantId; $xrmConnection.ApplicationId = $ApplicationId; $xrmConnection.CertificateThumbprint = $CertificateThumbprint; } else { if (-not $Global:XrmContext) { Add-PowerAppsAccount; if (-not $Global:XrmContext) { $Global:XrmContext = New-XrmContext; } $Global:XrmContext.IsAdminConnected = $true; $Global:XrmContext.IsEncrypted = $IsEncrypted; return; } } if (-not $Global:XrmContext) { $Global:XrmContext = New-XrmContext; $Global:XrmContext.CurrentConnection = $xrmConnection; } else { if ($xrmConnection) { $Global:XrmContext.CurrentConnection = $xrmConnection; } } $Global:XrmContext.IsAdminConnected = Connect-XrmAdminInternal; $Global:XrmContext.IsEncrypted = $IsEncrypted; } end { $StopWatch.Stop(); Trace-XrmFunction -Name $MyInvocation.MyCommand.Name -Stage Stop -StopWatch $StopWatch; } } function Connect-XrmAdminInternal { [CmdletBinding()] param ( ) begin { $StopWatch = [System.Diagnostics.Stopwatch]::StartNew(); Trace-XrmFunction -Name $MyInvocation.MyCommand.Name -Stage Start -Parameters ($MyInvocation.MyCommand.Parameters); } process { # This is just a wrapper for Power Apps admin connection # It could be done differently # I don't know if endpoint or audience are usefull here # https://docs.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/add-powerappsaccount?view=pa-ps-latest # Force disconnect to refresh token $Global:currentSession = $null; Remove-PowerAppsAccount; # Force TLS 1.2 [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; $xrmConnection = $Global:XrmContext.CurrentConnection; $authType = $xrmConnection.AuthType.ToLower(); if ($authType -eq "oauth") { if ($xrmConnection.Password) { $authType = "office365"; } elseif ($xrmConnection.ClientSecret) { $authType = "clientsecret"; } } if ($authType -eq "office365") { # Set Credential object required authentications $credentials = Set-XrmCredentials -Login $xrmConnection.UserName -Password $xrmConnection.Password; $securePassword = ConvertTo-SecureString -String $xrmConnection.Password -AsPlainText -Force; Add-PowerAppsAccount -Username $xrmConnection.UserName -Password $securePassword -Endpoint prod; return $true; } elseif ($authType -eq "clientsecret") { Add-PowerAppsAccount -TenantID $xrmConnection.TenantId -ApplicationId $xrmConnection.ApplicationId -ClientSecret $xrmConnection.ClientSecret -Endpoint prod; return $true; } elseif ($authType -eq "certificate") { Add-PowerAppsAccount -TenantID $xrmConnection.TenantId -ApplicationId $xrmConnection.ApplicationId -CertificateThumbprint $xrmConnection.CertificateThumbprint -Endpoint prod; return $true; } return $false; } end { $StopWatch.Stop(); Trace-XrmFunction -Name $MyInvocation.MyCommand.Name -Stage Stop -StopWatch $StopWatch; } } Export-ModuleMember -Function Connect-XrmAdmin -Alias *; |