Click here to Skip to main content
Click here to Skip to main content

IIS security settings and different permission using installer class with custom action

, 14 Aug 2012 CPOL
Rate this:
Please Sign up or sign in to vote.
Setting IIS security type and user, accounts permissions using installer class and custom action

Introduction

Foremost, I would like to sincerely thank codeproject and all the contributors for great articles, I learn alot from this site, so am really short of words to express my thanks and this is my first attempt to post a very small article but am sure this will help developers when they want to perform IIS settings programatically.

The article helps developers set the authentication and permissions for a website using installer class.

It is indeed very helpful to simplify the deployment process specially in cases when developers have less or no control over the deployment once the setup is handed over to deployment team.

Background

There are scenarios where developers want to ensure that a web site must have specific types of authentication enable/disabled etc as shown in following snap

I had two requirements

1. Windows Authentication to be enabled in IIS and all other authentication to be disabled as shown in above snap.

2. Network ,Network Service and Everyone should have full control to the site

And both of the above should happen without doing maual settings meaning once the deployment setup is over engineer should not manually change the settings, they should be applied automatically.

Before moving forward, I would like to mention that I reffered different sites and my own logic to reach this stage so as of now I dont have referece to respective URL but would like to thank them in case they come across this article.

For performing the above tasks, developer needs to refernce the two dlls namely:

Microsoft.Web.Management.dll and Microsoft.Web.Administration and the same can be located at

Using the code

Please find attached zip file for all the complete sample code, ReadMe.txt and document suggesting detailed steps showing all the steps as how to set the permissions for virtual directory during the setup. Also how to set desired authentication during the setup.




[System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityAction.Demand)]
public override void Install(IDictionary stateSaver)
{
    base.Install(stateSaver);
    stateSaver.Add("targetvdir", Context.Parameters["targetvdir"].ToString());           
    configureIIS(Context.Parameters["targetvdir"].ToString());
    if (!EventLog.SourceExists("SampleApplication"))
    {
        EventSourceCreationData mySource = 
          new EventSourceCreationData("SampleApplication", "SampleApplicationLogs");
        EventLog.CreateEventSource(mySource);
        EventLog.WriteEntry("SampleApplication", "SampleApplication IIS Settings done.");
        EventLog.WriteEntry("SampleApplication", "targetvdir..." + 
          Context.Parameters["targetvdir"].ToString());
    }
    else
    {
        EventLog.WriteEntry("SampleApplication", "SampleApplication IIS Settings done.");
        EventLog.WriteEntry("SampleApplication", 
          "targetvdir..." + Context.Parameters["targetvdir"].ToString());
    }
    stateSaver.Add("targetdir", Context.Parameters["targetdir"].ToString());
    DirectorySecurity dirSec = Directory.GetAccessControl(@Context.Parameters["targetdir"].ToString());
    FileSystemAccessRule fsar = new FileSystemAccessRule("Everyone",
                                                        FileSystemRights.FullControl,
                                                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                                                        PropagationFlags.None,
                                                        AccessControlType.Allow);
    dirSec.AddAccessRule(fsar);
    FileSystemAccessRule fNet = new FileSystemAccessRule("NETWORK",
                                                          FileSystemRights.FullControl,
                                                          InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                                                          PropagationFlags.None,
                                                          AccessControlType.Allow);
    dirSec.AddAccessRule(fNet);
    FileSystemAccessRule fNetServ = new FileSystemAccessRule("NETWORK SERVICE",
                                                        FileSystemRights.FullControl,
                                                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                                                        PropagationFlags.None,
                                                        AccessControlType.Allow);
    dirSec.AddAccessRule(fNetServ);
    Directory.SetAccessControl(@Context.Parameters["targetdir"].ToString(), dirSec);
}
/// <summary>
/// This method change the security setting of iis for particular web application name specified during the setup 
/// </summary>
/// <param name="vdName"></param>
private void configureIIS(string vdName)
{
    using (ServerManager serverManager = new ServerManager())
    {
        Microsoft.Web.Administration.Configuration config = 
           serverManager.GetApplicationHostConfiguration();
        Microsoft.Web.Administration.ConfigurationSection anonymousAuthenticationSection = 
           config.GetSection("system.webServer/security/authentication/anonymousAuthentication", 
           "Default Web Site/" + vdName);
        anonymousAuthenticationSection["enabled"] = false;
        Microsoft.Web.Administration.ConfigurationSection windowsAuthenticationSection = 
           config.GetSection("system.webServer/security/authentication/windowsAuthentication", 
           "Default Web Site/" + vdName);
        windowsAuthenticationSection["enabled"] = true;
        serverManager.CommitChanges();
    }
}

One can easily identify ConfigureIIS method ensures that windows authentication property is set and anonymous is set to false.

In order to create deployment it is a pre-requisite that developer should have deployment type of project setup installed. This can be downloaded from here



Once the deployment package is installed, developer can add the deployment type of project as

Assuming you have a web solution ready, as shown in above snap you can add the deployment type project

Ensure the application is set in Release mode

Build the Solution.

Now let us add the installer class which can be done by adding the class library and then adding installer class in it.

Delete the default class and add the installer class as shown in following snap;

Add the code shown above.
Right click Solution file and add the Web Setup project:

Right click the web setup -> add-> Project output as shown

Following pop up will appear add the primary output from deployment project and from installer class. Following figure shows adding from Installer class,

Click OK.

Please add the Primary output from deployment project also the same way as shown in snap.

Click OK.

Right Click the Web Setup project and add custom action as follows:

Rigth click the Install node in Custom Actions and add as shown in following:

Click on Properties or Hit F7 key and add the following custom Action data (ref figure below)

Right click the solution file in solution Explorer and build the solution.

Upon successful build. Open the setup folder:

Run the setup from the Release folder.

That's it friends..........we are all set to deploy the application from the Release folder of the setup project;

Points of Interest

The most interesting part of this article was learning that I had to find out the location where the Virtual directory is getting installed and then set the permission on that folder, so you can identify this part of the code"

Microsoft.Web.Administration.Configuration config = serverManager.GetApplicationHostConfiguration(); 
Microsoft.Web.Administration.ConfigurationSection anonymousAuthenticationSection = 
  config.GetSection("system.webServer/security/authentication/anonymousAuthentication", 
  "Default Web Site/" + vdName);
anonymousAuthenticationSection["enabled"] = false;
Microsoft.Web.Administration.ConfigurationSection windowsAuthenticationSection = 
  config.GetSection("system.webServer/security/authentication/windowsAuthentication", 
  "Default Web Site/" + vdName);
windowsAuthenticationSection["enabled"] = true;
serverManager.CommitChanges();

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Ravi_Vaswani
Web Developer
India India
I am an engnineer and am presently into web soltuions. I enjoy being techo functional, I work on ASP.NET/SQL Server and at times MS-Sharepoint. I enjoy taking up complex functional assignments that need technical solutions.

Comments and Discussions

 
GeneralMy vote of 5 PinmemberAliciaJane16-Jan-13 4:12 
GeneralMy vote of 5 PinmemberChristian Amado14-Aug-12 5:44 
Excellent!
GeneralRe: My vote of 5 PinmemberRavi_Vaswani15-Aug-12 20:29 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.141022.2 | Last Updated 14 Aug 2012
Article Copyright 2012 by Ravi_Vaswani
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid