[Identity] Update AzurePowerShellCredential script

- Only add the `-AsSecureString` argument when available and needed.
  This argument is no longer needed for `Az.Accounts` versions 5.0.0 and
  above.
- Update secure string parsing logic to allow it to work if a user is
  using Windows PowerShell instead of PowerShell 7+.

Signed-off-by: Paul Van Eck <[email protected]>

Author: pvaneck

sdk/identity/azure-identity/CHANGELOG.md

@@ -8,6 +8,8 @@
 
 ### Bugs Fixed
 
+- Fixed an issue with `AzurePowerShellCredential` not working correctly for users still using older versions of PowerShell (e.g., Windows PowerShell 5.1) where `-AsPlainText` is not supported in the `ConvertFrom-SecureString` cmdlet.  ([#41675](https://github.com/Azure/azure-sdk-for-python/pull/41675))
+
 ### Other Changes
 
 ## 1.23.0 (2025-05-13)

sdk/identity/azure-identity/azure/identity/_credentials/azure_powershell.py

@@ -41,15 +41,25 @@
     $params['TenantId'] = $tenantId
 }}
 
-$useSecureString = $m.Version -ge [version]'2.17.0'
-if ($useSecureString) {{
+if ($m.Version -ge [version]'2.17.0' -and $m.Version -lt [version]'5.0.0') {{
     $params['AsSecureString'] = $true
 }}
 
 $token = Get-AzAccessToken @params
 $tokenValue = $token.Token
-if ($useSecureString) {{
-    $tokenValue = $tokenValue | ConvertFrom-SecureString -AsPlainText
+if ($tokenValue -is [System.Security.SecureString]) {{
+    if ($PSVersionTable.PSVersion.Major -lt 7) {{
+        try {{
+            $ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tokenValue)
+            $tokenValue = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)
+        }}
+        finally {{
+            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)
+        }}
+    }}
+    else {{
+        $tokenValue = $tokenValue | ConvertFrom-SecureString -AsPlainText
+    }}
 }}
 Write-Output "`nazsdk%$($tokenValue)%$($token.ExpiresOn.ToUnixTimeSeconds())`n"
 """