Connecting remotely to Core Services using the Tridion Powershell Modules

Using Peter Kjaer's Tridion Powershell Modules locally on a CM server usually works out of the box.
In many cases however, you may not have direct access to this server. In those cases, it is very useful to be able to connect from your local desktop.

If you have access from your local desktop to the CM GUI, this should be possible. The hardest part is usually figuring out which settings to use.

As of version 2.4 of the Tridion Powershell Modules, a few additional settings are available. The interesting settings for this subject are

  • ConnectionType (additional options)
  • CredentialType
  • Credential

Common settings for remote usage

Let me start by sharing my mental process when deciding what connection settings to use.

As you can tell, I first determine if I need an http or https connection. When both are available I use https.
Next I work out if should use basic or windows authentication. This depends on the IIS configuration of the server.
Finally, in most cases, my local credentials will not work, because these are not known in the Content Manager. So I need to provide credentials of an existing account.
This can be done by adding the parameter "-Credential (Get-Credential)"

Because I need to connect to many different environments, I tend to store the password encrypted in a file and use these lines to create a Credential object:

$User = 'DOMAIN\User'
$CredentialFile="C:Some\Path\SomePasswordFile.txt"
$CredentialPassword = cat $credentialFile |  ConvertTo-SecureString
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$CredentialPassword

To store the encrypted password once use
Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File $credentialFile

An example of these quick & dirty scripts can be found in the gist Sample-CoreServiceSettings-Script.ps1

 

CoreServiceClient versus SessionAwareCoreServiceClient

The difference between the two types of client deserve a separate article.

For i'll  only mention that for remote usage, in most cases the CoreServiceClient is easier to  setup and you do not miss any relevant functionality, compared to  using the SessionAwareCoreServiceClient.

The ConnectionTypes Basic and Basic-SSL  will result in  a CoreServiceClient . All other ConnectionTypes generate a SessionAwareCoreServiceClient.

 

ConnectionType

The Connection type determines not only the protocol used to communicate, but also the kind of client created and the authentication mechanism used.
There are three protocols available, NetTcp, Https and Http, each with their own usages and defaults.
NetTcp is the fastest protocol, but it is normally only available on the local machine. It uses a Session Aware Client and Windows Authentication.

For remote access you will be using Http or Https. The choice is realistically set by the protocols enabled for the CM environment.
If the GUI is only available on Http or https, that determines your choice.

The protocols used for each ConnectionType are

Connection Type Protocol
Default HTTPS
netTCP nettcp
SSL HTTPS
LDAP HTTP
LDAP-SSL HTTPS
Basic HTTP
Basic-SSL HTTPS

 

CredentialType

This is a new settings which allows you to override the authentication mechanism used for a given connection type.
This setting is only relevant when using any of the http(s) based connection types.
'Default' means that you will be using the Authentication mechanism set by default for the connection type.
'Windows' will change the authentication mechanism to Windows Authentication
'Basic' will change the authentication mechanism to Basic Authentication
Your choice is determined by the Authentication mechanisms configured in the IIS Site of the CM server.

The default CredentialType for each ConnectionType

Connection Type  Credential Type 
default Windows
netTcp Windows
SSL Windows
LDAP Basic
LDAP-SSL Basic
Basic Windows
Basic-SSL Windows

 

The relation between IIS settings and Credential Type are 

IIS setting  CredentialType
Basic Authentication Enabled Basic
WindowsAuthentication Enabled Windows