id like to authorize a user called user1 by url-authorization to a vdir.
In IIS-Manager this isnt really a problem. Doing this by appcmd
appcmd set config "Default Web Site/Test/Vdir1" /section:system.webServer/security/authorization /+"[accessType='Allow', users='user1']"
really isnt a problem too.
Now here comes the problem:
In delegation of features i switched the url-authentication feature from read/write to write-protected, in order to ged rid of this nasty web-config file in my vdir. Setting up url-authorization still works (without using a web.config-file) in IIS-Manager,
but i have no clue how to setup url-authorization via app-cmd. It always tells me, that command is failing because of locking.
You can add a commint path settings to make the configuration applied for virtual directory stored with location tag in site root web.config:
appcmd set config "Default Web Site/Test/Vdir1" /section:system.webServer/security/authorization /+"[accessType='Allow', users='user1']"
/commit:"MACHINE/WEBROOT/APPHOST/Default Web Site"
I know that the OP specifically asked for appcmd.exe command line assistance but I was looking to programmatically add an IIS Manager user in PowerShell and cobbled this one together which shows how to do the same but in PowerShell.
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Management") | out-null
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration") | out-null
[System.Reflection.Assembly]::LoadWithPartialName("System.Web") | out-null
# Prompt for the username to be created.
[string] $Username = (Read-Host -Prompt "Enter the username (forced to lower case)").toLower()
# Create the IIS Manager User
$IISUser = [Microsoft.Web.Management.Server.ManagementAuthentication]
If ($IISUser::GetUser($Username)) {
"The user `"$Username`" already exists."
Exit
}
Else {
# Generate a (very) random password.
[string] $Password = [System.Web.Security.Membership]::GeneratePassword(10,0)
$IISUser::CreateUser($Username,$Password) | out-null
}
# Grant the IIS Manager User access to the 'Default FTP Site' site.
$IISAuth = [Microsoft.Web.Management.Server.ManagementAuthorization]
$IISAuth::Grant($Username,"Default FTP Site", $FALSE) | out-null
# Create a folder in the LocalUser share
New-Item -Path "\\FTPFILES\files\LocalUser\$Username" -Type Directory | out-null
# Permit the user FTP Authorization rules permissions to that folder
$ServerManager = (New-Object Microsoft.Web.Administration.ServerManager)
$Config = $ServerManager.GetApplicationHostConfiguration()
$authorizationSection = $Config.GetSection("system.ftpServer/security/authorization","Default FTP Site/LocalUser/$Username")
$authorizationCollection = $authorizationSection.GetCollection()
$addElement = $authorizationCollection.CreateElement("add")
$addElement["accessType"] = "Allow"
$addElement["users"] = "$Username"
$addElement["permissions"] = "Read, Write"
$authorizationCollection.Add($addElement) | out-null
$serverManager.CommitChanges() | out-null
# Advise the script runner what the user name and password is... so they can provide to the user.
Write-Host "The username entered is: $Username`nThe password for this user is: $Password`n`nTest this information prior to providing the user with the connection details."
stefaniebeck
5 Posts
How to setup URL-Authorization via appcmd.exe
Mar 21, 2012 02:04 PM|LINK
Hi folks,
id like to authorize a user called user1 by url-authorization to a vdir.
In IIS-Manager this isnt really a problem. Doing this by appcmd
appcmd set config "Default Web Site/Test/Vdir1" /section:system.webServer/security/authorization /+"[accessType='Allow', users='user1']"
really isnt a problem too.
Now here comes the problem:
In delegation of features i switched the url-authentication feature from read/write to write-protected, in order to ged rid of this nasty web-config file in my vdir. Setting up url-authorization still works (without using a web.config-file) in IIS-Manager, but i have no clue how to setup url-authorization via app-cmd. It always tells me, that command is failing because of locking.
Any hint would be appreciated ...
url-authorization appcmd.exe
Lloydz
2335 Posts
Microsoft
Re: How to setup URL-Authorization via appcmd.exe
Mar 26, 2012 07:05 AM|LINK
Hi,
You can add a commint path settings to make the configuration applied for virtual directory stored with location tag in site root web.config:
appcmd set config "Default Web Site/Test/Vdir1" /section:system.webServer/security/authorization /+"[accessType='Allow', users='user1']" /commit:"MACHINE/WEBROOT/APPHOST/Default Web Site"
Thanks.
stefaniebeck
5 Posts
Re: How to setup URL-Authorization via appcmd.exe
Mar 30, 2012 06:08 PM|LINK
Hi Lloydz,
thank you very much for this hint, i think this is exactly what is was looking for.
Ill try this asap.
Thumbs up!
Greetings
lwsrbrts
15 Posts
Re: How to setup URL-Authorization via appcmd.exe
Apr 02, 2012 10:21 PM|LINK
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Management") | out-null [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration") | out-null [System.Reflection.Assembly]::LoadWithPartialName("System.Web") | out-null # Prompt for the username to be created. [string] $Username = (Read-Host -Prompt "Enter the username (forced to lower case)").toLower() # Create the IIS Manager User $IISUser = [Microsoft.Web.Management.Server.ManagementAuthentication] If ($IISUser::GetUser($Username)) { "The user `"$Username`" already exists." Exit } Else { # Generate a (very) random password. [string] $Password = [System.Web.Security.Membership]::GeneratePassword(10,0) $IISUser::CreateUser($Username,$Password) | out-null } # Grant the IIS Manager User access to the 'Default FTP Site' site. $IISAuth = [Microsoft.Web.Management.Server.ManagementAuthorization] $IISAuth::Grant($Username,"Default FTP Site", $FALSE) | out-null # Create a folder in the LocalUser share New-Item -Path "\\FTPFILES\files\LocalUser\$Username" -Type Directory | out-null # Permit the user FTP Authorization rules permissions to that folder $ServerManager = (New-Object Microsoft.Web.Administration.ServerManager) $Config = $ServerManager.GetApplicationHostConfiguration() $authorizationSection = $Config.GetSection("system.ftpServer/security/authorization","Default FTP Site/LocalUser/$Username") $authorizationCollection = $authorizationSection.GetCollection() $addElement = $authorizationCollection.CreateElement("add") $addElement["accessType"] = "Allow" $addElement["users"] = "$Username" $addElement["permissions"] = "Read, Write" $authorizationCollection.Add($addElement) | out-null $serverManager.CommitChanges() | out-null # Advise the script runner what the user name and password is... so they can provide to the user. Write-Host "The username entered is: $Username`nThe password for this user is: $Password`n`nTest this information prior to providing the user with the connection details."stefaniebeck
5 Posts
Re: How to setup URL-Authorization via appcmd.exe
Apr 03, 2012 05:02 AM|LINK
/commit:"MACHINE/WEBROOT/APPHOST/Default Web Site"
Yeah this works smoothly. You made my day. Thank you again, Lloydz!
You already marked this as an answer.
Greetings