« Previous Next »

• 05-19-2009, 11:50 PM

  OWScott Joined on 08-12-2002, 1:25 PM North Carolina Posts 90

  Grant, MWM and default file Reply Contact I'm attempting to grant a user IIS Manager Permissions to a site using Microsoft.Web.Management or Microsoft.Web.Administration. It should be the following, which I've gotten to work some time ago, but it doesn't appear to work for me now. It's a static method, so I'm just doing the following: Microsoft.Web.Management.Server.ManagementAuthorization.Grant(userName, configurationPath, false); userName is the Windows username I want to grant, and configurationPath is the site name. However, it throws an error about not having the section defined in the config file: Filename: MACHINE/WEBROOT Error: The configuration section 'system.webServer/management/authorization' cannot be read because it is missing a section declaration So, what it looks like it's doing is using applicationHost.config instead of administration.config. But, shouldn't ManagementAuthorization always use administration.config? I also tried getting a section using MWA's serverManager.GetAdministrationConfiguration, but it also appears to get MACHINE/WEBROOT/APPHOST. Basically I do the following calls and traverse through the sections: Configuration admin = serverManager.GetAdministrationConfiguration(); ConfigurationSection configPaths = appHost.GetSection("configPaths"); How so I force the method to use administration.config instead of applicationHost.config? I assume it's with a fully qualified configPath. Or, is there a better way to grant a user permissions? Thanks, Scott Scott Forsyth Director of IT Microsoft MVP - ASP/ASP.NET ASPInsider ORCS Web, Inc www.orcsweb.com

• 05-20-2009, 1:37 AM

  In reply to

  CarlosAg Joined on 02-19-2003, 2:23 AM Posts 343	Re: Grant, MWM and default file Reply Contact The best way is using MWM as you mentioned above using ManagementAuthorization. Could you send me information about the versions you are running this. That should work. Could you also verify that you are doing this in an application running in an elevated (administrator) way.

• 05-20-2009, 8:24 AM

  In reply to

  OWScott Joined on 08-12-2002, 1:25 PM North Carolina Posts 90

  Re: Grant, MWM and default file Reply Contact Thanks Carlos, It seems pretty simple, so I'm not sure what I'm missing. This is a clean install on Windows Server 2008 RTM, fully caught up on service packs.  I'm running ASP.NET version 2.0 (patched up to 3.5 SP1). I'm running this from a clean MVC application and running it in Cassini using my administrator account. My code is simply this: string userName = "mydomain/Scott"; string configurationPath = "Default Web Site"; ManagementAuthorization.Grant(userName, configurationPath, false); Thanks! Scott Scott Forsyth Director of IT Microsoft MVP - ASP/ASP.NET ASPInsider ORCS Web, Inc www.orcsweb.com

• 05-26-2009, 3:05 PM

  In reply to

  CarlosAg Joined on 02-19-2003, 2:23 AM Posts 343

  Re: Grant, MWM and default file Reply Contact that is weird, is your app running in Full Trust? Could you try running something like: Microsoft.Web.Administration.ServerManager mgr = new Microsoft.Web.Administration.ServerManager(); Microsoft.Web.Administration.Configuration config = mgr.GetAdministrationConfiguration(); Microsoft.Web.Administration.ConfigurationSection section = config.GetSection("moduleProviders"); Response.Write(section.GetCollection().Count.ToString()); I want to see if its possible to read administration.config in the first place.

• 05-26-2009, 9:18 PM

  In reply to

  OWScott Joined on 08-12-2002, 1:25 PM North Carolina Posts 90

  Re: Grant, MWM and default file Reply Contact That uncovered some more.  It failed again, but provided more info by showing the path.  I ran procmon and see that it's really looking for C:\Windows\SysWOW64\inetsrv\Config\administration.config.  Procmon shows a name not found and doesn't continue trying to find the real path.  Very odd since the error shows c:\Windows\system32\inetsrv.  Any ideas why it would do that?  It's like it's using a different environment variable to access the file vs. displaying the error message. Filename: \\?\C:\Windows\system32\inetsrv\config\administration.config Error: The configuration section 'moduleProviders' cannot be read because it is missing a section declaration Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Runtime.InteropServices.COMException: Filename: \\?\C:\Windows\system32\inetsrv\config\administration.config Error: The configuration section 'moduleProviders' cannot be read because it is missing a section declaration Source Error: Line 25: Microsoft.Web.Administration.Configuration config = mgr.GetAdministrationConfiguration(); Line 26: Line 27: Microsoft.Web.Administration.ConfigurationSection section = config.GetSection("moduleProviders"); Line 28: Line 29: Response.Write(section.GetCollection().Count.ToString()); Scott Forsyth Director of IT Microsoft MVP - ASP/ASP.NET ASPInsider ORCS Web, Inc www.orcsweb.com

• 05-27-2009, 12:07 AM

  In reply to

  brady.gaster Joined on 05-26-2009, 2:42 PM Posts 3

  Re: Grant, MWM and default file Reply Contact  Here's a little code I've written that'll help with the solution to this. using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security.Cryptography.X509Certificates; using Microsoft.Web.Administration; namespace SetIisManagerPermissions {     class Program     {         static void Main(string[] args)         {             ServerManager sm = new ServerManager();             var config = sm.GetAdministrationConfiguration();             ConfigurationSection section = config.GetSection("system.webServer/management/authorization");             var authorizationRulesElement = section.GetChildElement("authorizationRules");             var scopeElementCollection = authorizationRulesElement.GetCollection();             foreach (var scopeElement in scopeElementCollection)             {                 var path = scopeElement.GetAttribute("path").Value;                 var userCollection = scopeElement.GetCollection();                 foreach (var userAddElement in userCollection)                 {                     var usr = userAddElement.GetAttribute("name").Value;                     Console.WriteLine("{0} added to {1}", usr, path);                 }             }             Console.ReadLine();         }     } }

• 05-27-2009, 12:30 AM

  In reply to

  OWScott Joined on 08-12-2002, 1:25 PM North Carolina Posts 90

  Re: Grant, MWM and default file Reply Contact Interesting.  It must be my computer then.  Your example uses MWA rather than MWM and the same issue occured.  The errors shows that the config hasn't been defined, but process monitor shows that it's looking in c:\Windows\SysWOW64. Ahhh, I got it to work, but I don't understand all of the details yet.  When I run this under IIS it works.  It just doesn't work under Cassini.  There appears to be an issue with the environment variable in Cassini when accessing these files. Scott Forsyth Director of IT Microsoft MVP - ASP/ASP.NET ASPInsider ORCS Web, Inc www.orcsweb.com

• 05-27-2009, 1:00 AM

  In reply to

  CarlosAg Joined on 02-19-2003, 2:23 AM Posts 343

  Re: Grant, MWM and default file Reply Contact Now I understand the issue, what is happening is that Cassini is a 32 bit process and that in conjunction of a bug in our configuration makes us try to load the "redirected" syswow (instead of system32) which is the reason why we cannot find administration.config. Running in 64 bit process alleviates the problem cause there is no "magic" redirection and we go to the right folder.

• 05-27-2009, 10:51 AM

  In reply to

  OWScott Joined on 08-12-2002, 1:25 PM North Carolina Posts 90	Re: Grant, MWM and default file Reply Contact Thanks, that explains/confirms it.  Now that I know the story, I can work around it.   It will run in IIS in the end anyway. Scott Forsyth Director of IT Microsoft MVP - ASP/ASP.NET ASPInsider ORCS Web, Inc www.orcsweb.com