Friday, August 22, 2014

Using Powershells Scripts in Software Solutions

I've been working on a project that will require being able to run Powershell scripts from a Silverlight application. What we want is to give users the option of running their own scripts to do calculations that our app does not already do. Fortunately, one of my co-workers has already figured out how to add add a routine to run Powershell scripts. All we need to do is to pass it the script as a text string. He used two articles to write the service we are using:

http://www.codeproject.com/Articles/18229/How-to-run-PowerShell-scripts-from-C
http://www.codeproject.com/Articles/18409/Asynchronously-Execute-PowerShell-Scripts-from-C

In addition there are three things that came up in trying to write Powersehell scripts. 1. The set-excutionpolicy cmdlet must be set on the computer that will run the scripts. A good link for understanding what your options is: http://technet.microsoft.com/en-us/library/ee176961.aspx
You should choose the option that is best for your situation. Because our app will be on a webserver, we will need to use high security like the policy "allsigned" because then only signed scripts will be allowed to run.

2. This choice means that I  had to figure out how to digitally sign my scripts. One easy way would have been to buy a digital certificate from Globalsign or Verisign. Problem is that this can be expensive, so I opted for self-signing. Searching the internet kept turning up a solution such as:

http://powershellscripts.com/article3_powershell_script_signing.html

The problem with this is that I could not install the sdk so I could run MakeCert.exe This means that I could not create a certificate let alone sign my scripts. But I found a Powershell scripts that creates a certificate for free and when I tired to use the certificate, it worked! You can find the script at:

http://itproguru.com/expert/2013/10/how-to-create-a-self-signed-computer-certificate-using-powershell-step-by-step-much-easier-than-makecert-exe/

The following article explains what to do with the certificate after generating it. One important thing to remember is that when the script is signed, it is important to export the certificate because if you wanna run the script on a different computer than the one you wrote the script on, you have to install your certificate on that computer.

http://www.hanselman.com/blog/SigningPowerShellScripts.aspx

I did find a problem. Sometimes you may get an error when you try to run:

PS C:\> Set-AuthenticodeSignature c:\foo.ps1 @(Get-ChildItem cert:\CurrentUser\My -codesign)[0]

where C:\foo.ps1 is the name of the script you are signing. The error is an "Unknown Error". Here is a link that explains how to fix it. I just opened the script in notepad and then resaved it and the error went away just like the article said it would

http://blogs.msdn.com/b/vijay/archive/2010/07/13/quot-set-authenticodesignature-quot-returns-unknown-error-while-registering-the-script-with-a-certificate.aspx

3. The other issue is that some scripts require administrative permissions to run properly. It would be best if the program could elevate itself rather than be ran from a prompt with administrative permission. This is very important for me too because I'm calling the script from Silverlight not from a command prompt. But this article saved me.

http://stackoverflow.com/questions/7690994/powershell-running-a-command-as-administrator

All in all,putting these three things together will mean being able to write powershell scripts in any Windows environment.



No comments: