I have written about authenticating with the Pure1 REST API, and my PowerShell module in the past:
NOTE: This workaround is not really needed anymore with the default behavior of the module. See this post: https://www.codyhosterman.com/2019/12/pure1-rest-api-authentication-made-easy/
One of the issues is that if you followed my default instructions, you would need to run the PowerShell window as an admin to be able to create the connection. The answer–now that I think about it is fairly obvious: non-admin users (or admins not running in admin mode) don’t have security rights to it. Duh!
The internal method used in the cmdlet is GetRSAPrivateKey:
You will see a cryptic error: “Exception calling “GetRSAPrivateKey” with “1” argument(s): “Invalid provider type specified.”
So a couple ways to fix this.
First in the GUI. Launch MMC, and add/remove snapin and choose certificates. Depending on where your cert is dictates which one you choose. My cert is stored in the personal folder on the local machine group:
You can see my cert here:
So right-click and choose Properties > Manage Private Keys…
Click Add then add the user you want to be able to access the private key.
It defaults to full control, but you do not need that, you can just give read access if you prefer:
Now you can run it without being in admin mode:
If you want to do this in PowerShell, it is fairly simple too. This part does need to be run as admin! But once done, the Pure1 module can be run as a regular user.
Grab your cert:
$CertObj= Get-ChildItem Cert:\LocalMachine\my\6D75482829CBDB7FCF8AADD193A71BB4299AC1BD
Pull out the key:
$rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($CertObj)
Then grab the permissions of the key:
$fileName = $rsaCert.key.UniqueName $path = "$env:ALLUSERSPROFILE\Microsoft\Crypto\Keys\$fileName" $permissions = Get-Acl -Path $path
Now create the permission. In this case the username is “cody” and I want to provide “read” permissions:
$rule = new-object security.accesscontrol.filesystemaccessrule "cody", "read", allow
Now apply the new permission:
$permissions.AddAccessRule($rule) Set-Acl -Path $path -AclObject $permissions
All good now!