Whoop! As of today, PowerShell Universal Dashboard is now capable of authenticating users. Now you can easily validate users with popular the OAuth providers Facebook, Google, Microsoft and Twitter. Additionally, you can build your own authentication methods with PowerShell to validate credentials against systems like Active Directory.
Creating a Login Page
Login pages can now be added to dashboards by using the New-UDLoginPage cmdlet. This cmdlet offers a bunch of customizations such as logo, text and colors. Additionally, you can choose one or more authentication methods. As of this writing, you can authenticate against Facebook, Google, Microsoft, Twitter and your own custom authentication provider. New-UDLoginPage only requires one or more authentication methods to be defined.
Defining an authentication method is easy. One way of doing this is to configure a custom PowerShell endpoint to handle the credentials. A PSCredential object is passed to your script block and then you can choose to authenticate your user how ever you see fit. Here’s an example of how to validate whether I’m logging in.
In addition to a basic login form, you can also use a collection of OAuth providers to authenticate users. Microsoft has some great documentation on how to setup applications with the different providers. Check out the links below for each of the different services.
Don’t worry about the details of the ASP.NET Core implementation. That’s all taken care of for you inside Universal Dashboard. You’ll need to configure your application “callback URL” in the service to point back to Universal Dashboard. Depending on the provider, you need to specify the URL of the dashboard with “signin-<provider>”. For example, for Facebook, you could do something like http://localhost:10000/signin-facebook. After that all you’ll need are an application ID and secret. The different services refer to them slightly differently but can be passed to New-UDAuthenticationMethod all the same. Aliases are available on the parameters to ensure you get it right. Here’s an example of providing Microsoft authentication to your dashboard.
I have my Platforms setup like this inside the application registration settings on the Microsoft site.
Once you create your login page, you can pass it to New-UDDashboard.
Bam! You’re up and running with a new login page for your dashboard. The rest of the pages are now protected from unauthenticated access and you have a pretty login page.
Dynamic Home Pages
Also available in the new version of Universal Dashboard, you can now create dynamic home pages. Previously, you need to have a static page for the home page. That said, if you create a dynamic home page, you can’t include any variables in the URL name. This means that you have access to the user name of authenticated user during the generation of your dynamic page. In any endpoint, you can access the $User variable to get access to the username of the user that logged into the dashboard. This will allow you to create custom dashboards for users. Here’s an example of adding the user name to a UDCard title.
The resulting value would look like this if I logged in.
Here’s the full contents for the script described in this post.
Coming soon! There is still no authentication for REST APIs. If you create any REST APIs in your dashboard, they will be accessible without authentication.
The full release notes are available on GitHub. There are some other cool features\bug fixes worth checking out. If you have any issues, feel free to open an issue. Join the Gitter chat room to get help.