Disable form based auth?

Our setup is using the MSI-installed service - is that how yours are set?

So far, all we’re using PSU for is to run some scripts on a schedule or being triggered via API (webhooks). We aren’t using it for anything else (yet).

The Git instability I mentioned are just random errors I see literally every day so far, such as “failed to write chunk header: The server returned an invalid or unrecognized response.”, or 503 errors, etc. Not one day has gone by where there hasn’t been some issue. The repo. we sync with is Azure DevOps (because it’s free with our licensing), if that maybe makes a difference.

And, I meant coreclr.dll not “corectl.dll”

Why do you say using something like Pipedream wouldn’t be an option for you? What are you doing in PSU that couldn’t be replicated in Pipedream?

I’ve previously had it configured in IIS via the zip.
I’ve used docker for an azure webapp too.
But currently I’m running it as a service via the msi.
I’ve got my git sying to azure dev ops currently too, do you use a PAT token to authenticate? I’ve run mine both with internal and external git - managed to get both working, but settled on internal. May be worth also switching and trying yours with external to try and isolate your issues.

On the pipedream comment, I’m really using PSU more for the web apps, not just buidling API’s / scheduled scripts.
I use web apps as both a management layer for the teams I’m building automations for, dashboarding for metrics & documentation, and also end user interaction, for example, a portal for access reviews, server lifecycle management, servicedesk tooling, application onboarding, just to name a few.
As a personal project I’m also using it to build my community homebrew club website!

Yes, our Git sync is using a PAT as well, and the Git repo is external. We don’t have a hybrid setup with a local repo (if that’s what you were saying).

I see. So, yeah, in your case a service like Pipedream wouldn’t really help, but for what we’re doing (at least so far), it likely would fill PSU’s shoes easily.

With one of the changes in the 5.0.0 release’s notes mentioning that the app development feature is going away, I wasn’t sure how that would translate if we started using them and they went away with an update. Maybe I just don’t understand what that change is really doing.

Back to the original topic, real quick: if you remove the role from the local account, how do you add it back via a config file? Isn’t the user account in a database, not a config file?

Actually yeah you’re right… I didnt think that one through did I.
I dont really use the local db for anything other than a single variable which allows me to connect to azure key vault for everything else, so I’d likley just have to delete the local DB so the local admin regenerates as default in a worse case scenario but I’m okay with OIDC only at the moment.

No I wasnt talking about a local repo, under the git settings you can choose to use an external git client instead of the bundled one inside PSU:
Git | v4 | PowerShell Universal

I havent read that about the v5 app development feature but I’d be interested to see, I couldnt find it in the docs/changelog, do you mind linking it? Apps themselves as a whole are an intergral part of PSU and here to stay so they won’t be going anywhere but I’d assume its talking about the GUI side of things, there was efforts to introduce a wizard style drag/drop page creator, I never really used it myself but I imagine it would be hard to maintain for the product owner. Unless of course it’s talking about something entirely different.

I removed the role but I think I’ll likely put it back and go the route I mentioned earlier, with putting the site behind a load balancer so we can do some header inspections and prevent the use of /login altogether if it’s coming from outside of our network.

Ah. I see. So, yeah, we’re using the internal Git “client”. We did have it set up to use the external client at one point, but went back to the internal client - I can’t remember why. Might have just been part of blowing away the settings and redoing them, and just forgot to toggle the option. I suppose we could try it again to see if it resolves any of the issues there.

Sure. This is where I got the info about 5.0: https://imsreleases.blob.core.windows.net/universal-nightly/8196607421/release.md and it’s specifically the line - PowerShell App designer has been removed. I wasn’t sure how to take it, given that the next lines specifically talk about Apps features being added.

Thanks. Yeah it was basically the ‘app designer’ which was the drag and drop designer they added for v4. I think it was supposed to appeal more to the low-code no code crowd, but for me it was really clunky and hard to use in a more tailored way, I think that the real userbase of PSU is predominantly going to be code oriented anyway given the nature of the beast so maybe it didnt work out and they decided to kill it, or maybe it just didnt fit into the roadmap with the new changes coming in for v5.

And thats not a bad shout on your LB config to block traffic to that route, I’l probbaly end up doing something similar eventually at my current org.

1 Like

Circling back to this, we finished the load-balancer implementation today. So, internally we can still access /login but any external attempts to /login (and any possible sub-path of /login) are denied.