description	ms.date	ms.topic	title
Avoid sending credentials and secrets over unencrypted connections	02/28/2024	reference	AvoidUsingAllowUnencryptedAuthentication

AvoidUsingAllowUnencryptedAuthentication

Severity Level: Warning

Description

Avoid using the AllowUnencryptedAuthentication parameter of Invoke-WebRequest and Invoke-RestMethod. When using this parameter, the cmdlets send credentials and secrets over unencrypted connections. This should be avoided except for compatibility with legacy systems.

For more details, see Invoke-RestMethod.

How

Avoid using the AllowUnencryptedAuthentication parameter.

Example 1

Wrong

Invoke-WebRequest foo -AllowUnencryptedAuthentication

Correct

Invoke-WebRequest foo

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AvoidUsingAllowUnencryptedAuthentication.md

AvoidUsingAllowUnencryptedAuthentication.md

AvoidUsingAllowUnencryptedAuthentication

Description

How

Example 1

Wrong

Correct

Files

AvoidUsingAllowUnencryptedAuthentication.md

Latest commit

History

AvoidUsingAllowUnencryptedAuthentication.md

File metadata and controls

AvoidUsingAllowUnencryptedAuthentication

Description

How

Example 1

Wrong

Correct