Using Peter Kjaer's Tridion Powershell Modules locally on a CM server usually works out of the box.
In many cases however, you may not have direct access to this server. In those cases, it is very useful to be able to connect from your local desktop.
If you have access from your local desktop to the CM GUI, this should be possible. The hardest part is usually figuring out which settings to use.
As of version 2.4 of the Tridion Powershell Modules, a few additional settings are available. The interesting settings for this subject are
- ConnectionType (additional options)
- CredentialType
- Credential
Common settings for remote usage
Let me start by sharing my mental process when deciding what connection settings to use.
As you can tell, I first determine if I need an http or https connection. When both are available I use https.
Next I work out if should use basic or windows authentication. This depends on the IIS configuration of the server.
Finally, in most cases, my local credentials will not work, because these are not known in the Content Manager. So I need to provide credentials of an existing account.
This can be done by adding the parameter "-Credential (Get-Credential)"
Because I need to connect to many different environments, I tend to store the password encrypted in a file and use these lines to create a Credential object:
$User = 'DOMAIN\User'
$CredentialFile="C:Some\Path\SomePasswordFile.txt"
$CredentialPassword = cat $credentialFile | ConvertTo-SecureString
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$CredentialPassword
To store the encrypted password once use
Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File $credentialFile
An example of these quick & dirty scripts can be found in the gist Sample-CoreServiceSettings-Script.ps1
CoreServiceClient versus SessionAwareCoreServiceClient
The difference between the two types of client deserve a separate article.
For i'll only mention that for remote usage, in most cases the CoreServiceClient is easier to setup and you do not miss any relevant functionality, compared to using the SessionAwareCoreServiceClient.
The ConnectionTypes Basic and Basic-SSL will result in a CoreServiceClient . All other ConnectionTypes generate a SessionAwareCoreServiceClient.
ConnectionType
The Connection type determines not only the protocol used to communicate, but also the kind of client created and the authentication mechanism used.
There are three protocols available, NetTcp, Https and Http, each with their own usages and defaults.
NetTcp is the fastest protocol, but it is normally only available on the local machine. It uses a Session Aware Client and Windows Authentication.
For remote access you will be using Http or Https. The choice is realistically set by the protocols enabled for the CM environment.
If the GUI is only available on Http or https, that determines your choice.
The protocols used for each ConnectionType are
Connection Type | Protocol |
Default | HTTPS |
netTCP | nettcp |
SSL | HTTPS |
LDAP | HTTP |
LDAP-SSL | HTTPS |
Basic | HTTP |
Basic-SSL | HTTPS |
CredentialType
This is a new settings which allows you to override the authentication mechanism used for a given connection type.
This setting is only relevant when using any of the http(s) based connection types.
'Default' means that you will be using the Authentication mechanism set by default for the connection type.
'Windows' will change the authentication mechanism to Windows Authentication
'Basic' will change the authentication mechanism to Basic Authentication
Your choice is determined by the Authentication mechanisms configured in the IIS Site of the CM server.
The default CredentialType for each ConnectionType
Connection Type | Credential Type |
default | Windows |
netTcp | Windows |
SSL | Windows |
LDAP | Basic |
LDAP-SSL | Basic |
Basic | Windows |
Basic-SSL | Windows |
The relation between IIS settings and Credential Type are
IIS setting | CredentialType |
Basic Authentication Enabled | Basic |
WindowsAuthentication Enabled | Windows |