Click here to Skip to main content
15,868,016 members
Articles / Web Development / ASP.NET

IIS security settings and different permission using installer class with custom action

Rate me:
Please Sign up or sign in to vote.
5.00/5 (6 votes)
14 Aug 2012CPOL3 min read 28.8K   581   11   3
Setting IIS security type and user, accounts permissions using installer class and custom action

Introduction

Foremost, I would like to sincerely thank codeproject and all the contributors for great articles, I learn alot from this site, so am really short of words to express my thanks and this is my first attempt to post a very small article but am sure this will help developers when they want to perform IIS settings programatically.

The article helps developers set the authentication and permissions for a website using installer class.

It is indeed very helpful to simplify the deployment process specially in cases when developers have less or no control over the deployment once the setup is handed over to deployment team.

Background

There are scenarios where developers want to ensure that a web site must have specific types of authentication enable/disabled etc as shown in following snap

Image 1

I had two requirements

1. Windows Authentication to be enabled in IIS and all other authentication to be disabled as shown in above snap.

2. Network ,Network Service and Everyone should have full control to the site

And both of the above should happen without doing maual settings meaning once the deployment setup is over engineer should not manually change the settings, they should be applied automatically.

Before moving forward, I would like to mention that I reffered different sites and my own logic to reach this stage so as of now I dont have referece to respective URL but would like to thank them in case they come across this article.

For performing the above tasks, developer needs to refernce the two dlls namely:

Microsoft.Web.Management.dll and Microsoft.Web.Administration and the same can be located at

Image 2

Using the code

Please find attached zip file for all the complete sample code, ReadMe.txt and document suggesting detailed steps showing all the steps as how to set the permissions for virtual directory during the setup. Also how to set desired authentication during the setup.




C#
[System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityAction.Demand)]
public override void Install(IDictionary stateSaver)
{
    base.Install(stateSaver);
    stateSaver.Add("targetvdir", Context.Parameters["targetvdir"].ToString());           
    configureIIS(Context.Parameters["targetvdir"].ToString());
    if (!EventLog.SourceExists("SampleApplication"))
    {
        EventSourceCreationData mySource = 
          new EventSourceCreationData("SampleApplication", "SampleApplicationLogs");
        EventLog.CreateEventSource(mySource);
        EventLog.WriteEntry("SampleApplication", "SampleApplication IIS Settings done.");
        EventLog.WriteEntry("SampleApplication", "targetvdir..." + 
          Context.Parameters["targetvdir"].ToString());
    }
    else
    {
        EventLog.WriteEntry("SampleApplication", "SampleApplication IIS Settings done.");
        EventLog.WriteEntry("SampleApplication", 
          "targetvdir..." + Context.Parameters["targetvdir"].ToString());
    }
    stateSaver.Add("targetdir", Context.Parameters["targetdir"].ToString());
    DirectorySecurity dirSec = Directory.GetAccessControl(@Context.Parameters["targetdir"].ToString());
    FileSystemAccessRule fsar = new FileSystemAccessRule("Everyone",
                                                        FileSystemRights.FullControl,
                                                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                                                        PropagationFlags.None,
                                                        AccessControlType.Allow);
    dirSec.AddAccessRule(fsar);
    FileSystemAccessRule fNet = new FileSystemAccessRule("NETWORK",
                                                          FileSystemRights.FullControl,
                                                          InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                                                          PropagationFlags.None,
                                                          AccessControlType.Allow);
    dirSec.AddAccessRule(fNet);
    FileSystemAccessRule fNetServ = new FileSystemAccessRule("NETWORK SERVICE",
                                                        FileSystemRights.FullControl,
                                                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                                                        PropagationFlags.None,
                                                        AccessControlType.Allow);
    dirSec.AddAccessRule(fNetServ);
    Directory.SetAccessControl(@Context.Parameters["targetdir"].ToString(), dirSec);
}
/// <summary>
/// This method change the security setting of iis for particular web application name specified during the setup 
/// </summary>
/// <param name="vdName"></param>
private void configureIIS(string vdName)
{
    using (ServerManager serverManager = new ServerManager())
    {
        Microsoft.Web.Administration.Configuration config = 
           serverManager.GetApplicationHostConfiguration();
        Microsoft.Web.Administration.ConfigurationSection anonymousAuthenticationSection = 
           config.GetSection("system.webServer/security/authentication/anonymousAuthentication", 
           "Default Web Site/" + vdName);
        anonymousAuthenticationSection["enabled"] = false;
        Microsoft.Web.Administration.ConfigurationSection windowsAuthenticationSection = 
           config.GetSection("system.webServer/security/authentication/windowsAuthentication", 
           "Default Web Site/" + vdName);
        windowsAuthenticationSection["enabled"] = true;
        serverManager.CommitChanges();
    }
}

One can easily identify ConfigureIIS method ensures that windows authentication property is set and anonymous is set to false.

In order to create deployment it is a pre-requisite that developer should have deployment type of project setup installed. This can be downloaded from here



Once the deployment package is installed, developer can add the deployment type of project as

Image 3

Assuming you have a web solution ready, as shown in above snap you can add the deployment type project

Image 4

Ensure the application is set in Release mode

Image 5

Build the Solution.

Now let us add the installer class which can be done by adding the class library and then adding installer class in it.

Image 6

Delete the default class and add the installer class as shown in following snap;Image 7

Add the code shown above.
Right click Solution file and add the Web Setup project:

Image 8

Right click the web setup -> add-> Project output as shown

Image 9

Following pop up will appear add the primary output from deployment project and from installer class. Following figure shows adding from Installer class,

Image 10

Click OK.

Please add the Primary output from deployment project also the same way as shown in snap.

Image 11

Click OK.

Right Click the Web Setup project and add custom action as follows:

Image 12

Rigth click the Install node in Custom Actions and add as shown in following:

Image 13

Image 14

Image 15

Image 16

Click on Properties or Hit F7 key and add the following custom Action data (ref figure below)

Image 17

Right click the solution file in solution Explorer and build the solution.

Upon successful build. Open the setup folder:

Image 18

Run the setup from the Release folder.

That's it friends..........we are all set to deploy the application from the Release folder of the setup project;

Points of Interest

The most interesting part of this article was learning that I had to find out the location where the Virtual directory is getting installed and then set the permission on that folder, so you can identify this part of the code"

C#
Microsoft.Web.Administration.Configuration config = serverManager.GetApplicationHostConfiguration(); 
Microsoft.Web.Administration.ConfigurationSection anonymousAuthenticationSection = 
  config.GetSection("system.webServer/security/authentication/anonymousAuthentication", 
  "Default Web Site/" + vdName);
anonymousAuthenticationSection["enabled"] = false;
Microsoft.Web.Administration.ConfigurationSection windowsAuthenticationSection = 
  config.GetSection("system.webServer/security/authentication/windowsAuthentication", 
  "Default Web Site/" + vdName);
windowsAuthenticationSection["enabled"] = true;
serverManager.CommitChanges();

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
India India
I am an engnineer and am presently into web soltuions. I enjoy being techo functional, I work on ASP.NET/SQL Server and at times MS-Sharepoint. I enjoy taking up complex functional assignments that need technical solutions.

Comments and Discussions

 
GeneralMy vote of 5 Pin
AliciaJane16-Jan-13 4:12
AliciaJane16-Jan-13 4:12 
GeneralMy vote of 5 Pin
Christian Amado14-Aug-12 5:44
professionalChristian Amado14-Aug-12 5:44 
GeneralRe: My vote of 5 Pin
Ravi_Vaswani15-Aug-12 20:29
Ravi_Vaswani15-Aug-12 20:29 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.