/// <summary>
/// Registers an IIS Manager UI module provider in the administration configuration.
/// </summary>
/// <param name="name">Value written to the "name" attribute of both entries; also the lookup key.</param>
/// <param name="type">Value written verbatim to the "type" attribute of the moduleProviders entry.</param>
/// <remarks>
/// An entry is added to a section only when <c>FindByAttribute</c> finds none with the same name, so an
/// existing registration is left as it is (its "type" is not updated). Changes are always committed.
/// NOTE(review): <paramref name="type"/> is stored without validation. It names the provider type to be
/// loaded, so callers should pass a fully qualified, strong-named type from a trusted source. Confirm at the call sites.
/// </remarks>
public static void AddUIModuleProvider(string name, string type)
{
    using (var serverManager = new ServerManager())
    {
        var administration = serverManager.GetAdministrationConfiguration();

        // Step 1: the provider itself (name -> type mapping).
        var providerSection = administration.GetSection("moduleProviders");
        var providers = providerSection.GetCollection();
        bool providerMissing = FindByAttribute(providers, "name", name) == null;
        if (providerMissing)
        {
            var providerEntry = providers.CreateElement();
            providerEntry.SetAttributeValue("name", name);
            providerEntry.SetAttributeValue("type", type);
            providers.Add(providerEntry);
        }

        // Step 2: list it under "modules" so that all sites have access to this module.
        var moduleSection = administration.GetSection("modules");
        var moduleEntries = moduleSection.GetCollection();
        bool moduleMissing = FindByAttribute(moduleEntries, "name", name) == null;
        if (moduleMissing)
        {
            var moduleEntry = moduleEntries.CreateElement();
            moduleEntry.SetAttributeValue("name", name);
            moduleEntries.Add(moduleEntry);
        }

        serverManager.CommitChanges();
    }
}
/// <summary>
/// Removes the UI module registered under <paramref name="name"/> from the administration configuration.
/// </summary>
/// <param name="name">Value of the "name" attribute identifying the entries to delete.</param>
/// <remarks>
/// The entry in "modules" is removed first, then the one in "moduleProviders". A missing entry is
/// skipped silently, and the changes are committed in every case.
/// </remarks>
public static void RemoveUIModuleProvider(string name)
{
    using (var serverManager = new ServerManager())
    {
        var administration = serverManager.GetAdministrationConfiguration();

        // Site-level registration goes first.
        var moduleEntries = administration.GetSection("modules").GetCollection();
        var moduleEntry = FindByAttribute(moduleEntries, "name", name);
        if (moduleEntry != null)
        {
            moduleEntries.Remove(moduleEntry);
        }

        // Then the provider definition itself.
        var providers = administration.GetSection("moduleProviders").GetCollection();
        var providerEntry = FindByAttribute(providers, "name", name);
        if (providerEntry != null)
        {
            providers.Remove(providerEntry);
        }

        serverManager.CommitChanges();
    }
}
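/// <summary>
/// Removes the permission entry for <paramref name="accountName"/> from each delegation rule whose
/// "providers" and "path" attributes equal the given values.
/// </summary>
/// <param name="providers">Exact value of the rule's "providers" attribute.</param>
/// <param name="path">Exact value of the rule's "path" attribute.</param>
/// <param name="accountName">Exact value of the permission entry's "name" attribute.</param>
/// <remarks>
/// Changes are committed once, after the scan, and only if something was removed. Committing inside the
/// loop would leave the remaining elements read-only for any later matching rule.
/// NOTE(review): all comparisons are case-sensitive <c>Equals</c> calls. If the stored account name differs
/// only in case, the entry is not removed and the account keeps its permission. Confirm how names are written.
/// NOTE(review): this method does not check that the delegation section exists before calling
/// <c>GetSection</c>. Confirm whether callers guarantee it.
/// </remarks>
public void RemoveUserFromRule(string providers, string path, string accountName)
{
    using (var srvman = new ServerManager())
    {
        var adminConfig = srvman.GetAdministrationConfiguration();
        var delegationSection = adminConfig.GetSection("system.webServer/management/delegation");
        var rulesCollection = delegationSection.GetCollection();
        var changed = false;

        foreach (var rule in rulesCollection)
        {
            var ruleMatches = rule.Attributes["providers"].Value.Equals(providers)
                && rule.Attributes["path"].Value.Equals(path);
            if (!ruleMatches)
            {
                continue;
            }

            var permissions = rule.GetCollection("permissions");
            foreach (var user in permissions)
            {
                if (user.Attributes["name"].Value.Equals(accountName))
                {
                    permissions.Remove(user);
                    changed = true;
                    // The collection was just modified, so stop enumerating it.
                    break;
                }
            }
        }

        if (changed)
        {
            srvman.CommitChanges();
        }
    }
}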
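/// <summary>
/// Sets <c>accessType="Deny"</c> for <paramref name="accountName"/> on each delegation rule whose
/// "providers" and "path" attributes equal the given values, creating the user entry if it is missing.
/// </summary>
/// <param name="providers">Exact value of the rule's "providers" attribute.</param>
/// <param name="path">Exact value of the rule's "path" attribute.</param>
/// <param name="accountName">Account written to or matched against the permission entry's "name" attribute.</param>
/// <remarks>
/// Returns without changes when <c>HasDelegationSection</c> reports that the delegation section is absent.
/// Changes are committed once, after all matching rules were updated. Committing inside the loop would
/// leave the remaining elements read-only for any later matching rule.
/// NOTE(review): the name comparison is a case-sensitive <c>Equals</c>. An existing entry that differs only
/// in case is not found, so a second entry is added instead of updating the first. Confirm this is acceptable.
/// </remarks>
public void RestrictRuleToUser(string providers, string path, string accountName)
{
    using (var srvman = new ServerManager())
    {
        var adminConfig = srvman.GetAdministrationConfiguration();

        // Nothing to restrict when the delegation section is not present in the config file.
        if (!HasDelegationSection(adminConfig))
        {
            return;
        }

        var delegationSection = adminConfig.GetSection("system.webServer/management/delegation");
        var rulesCollection = delegationSection.GetCollection();
        var changed = false;

        foreach (var rule in rulesCollection)
        {
            var ruleMatches = rule.Attributes["providers"].Value.Equals(providers)
                && rule.Attributes["path"].Value.Equals(path);
            if (!ruleMatches)
            {
                continue;
            }

            var permissions = rule.GetCollection("permissions");

            // Look for an existing entry for this account.
            var user = default(ConfigurationElement);
            foreach (var item in permissions)
            {
                if (item.Attributes["name"].Value.Equals(accountName))
                {
                    user = item;
                    break;
                }
            }

            if (user == null)
            {
                user = permissions.CreateElement("user");
                user.SetAttributeValue("name", accountName);
                user.SetAttributeValue("isRole", false);
                permissions.Add(user);
            }

            user.SetAttributeValue("accessType", "Deny");
            changed = true;
        }

        if (changed)
        {
            srvman.CommitChanges();
        }
    }
}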
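/// <summary>
/// Removes entries from system.webServer/management/trustedProviders whose "type" string contains both
/// "2.0.0.0" and "System.Web.Security.".
/// </summary>
/// <remarks>
/// NOTE(review): in the listing the call to CommitChanges follows a "//" marker, so it is kept disabled
/// here and the removals are not written back. If the original had the call on a line of its own,
/// re-enable it deliberately. trustedProviders controls which provider types are trusted, so back up
/// administration.config before persisting.
/// NOTE(review): "2.0.0.0" is matched anywhere in the type string, not only in the Version= component.
/// The listing also carried disabled code that re-added the Version=4.0.0.0 SqlMembershipProvider,
/// SqlRoleProvider, SqlProfileProvider and WindowsTokenRoleProvider entries; that code stays disabled.
/// </remarks>
static void Main(string[] args)
{
    using (ServerManager serverManager = new ServerManager())
    {
        Configuration config = serverManager.GetAdministrationConfiguration();
        ConfigurationSection trustedProvidersSection = config.GetSection("system.webServer/management/trustedProviders");
        ConfigurationElementCollection trustedProvidersCollection = trustedProvidersSection.GetCollection();

        // Walk from the end so that removing an entry does not shift the indexes still to be visited.
        for (int index = trustedProvidersCollection.Count - 1; index >= 0; index--)
        {
            ConfigurationElement entry = trustedProvidersCollection[index];
            string typeName = entry["type"].ToString();

            // Ordinal search: type names are identifiers, not linguistic text.
            bool isVersion2 = typeName.IndexOf("2.0.0.0", StringComparison.Ordinal) != -1;
            bool isWebSecurity = typeName.IndexOf("System.Web.Security.", StringComparison.Ordinal) != -1;
            if (isVersion2 && isWebSecurity)
            {
                trustedProvidersCollection.Remove(entry);
            }
        }

        // serverManager.CommitChanges ();
    }
}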
/// <summary>
/// Ensures that <paramref name="iisMgrUserName"/> is listed under the authorization scope "/{siteName}"
/// in system.webServer/management/authorization, creating the scope when it does not exist.
/// </summary>
/// <param name="sm">Server manager whose administration configuration is edited and committed.</param>
/// <param name="siteName">Site name; the scope path is "/" followed by this value.</param>
/// <param name="iisMgrUserName">User name to add to the scope.</param>
/// <remarks>
/// CommitChanges is called on the caller's <paramref name="sm"/> in every case.
/// NOTE(review): the existence check walks <c>ChildElements</c> of the scope collection and compares names
/// case-sensitively. Confirm that this enumerates the existing "add" entries, otherwise a duplicate is added.
/// </remarks>
private static void AddMsDeployAccessToSite(ServerManager sm, string siteName, string iisMgrUserName)
{
    Configuration administration = sm.GetAdministrationConfiguration();
    ConfigurationSection authorization = administration.GetSection("system.webServer/management/authorization");
    ConfigurationElementCollection rules = authorization.GetCollection("authorizationRules");

    // Find the per-site scope, or create it.
    ConfigurationElement scope = FindElement(rules, "scope", "path", @"/{0}".Fmt(siteName));
    if (scope == null)
    {
        scope = rules.CreateElement("scope");
        scope["path"] = @"/{0}".Fmt(siteName);
        rules.Add(scope);
    }

    ConfigurationElementCollection scopeEntries = scope.GetCollection();

    // Every child is inspected; there is no early exit.
    bool alreadyGranted = false;
    foreach (var child in scopeEntries.ChildElements)
    {
        var entryName = (string) child.GetAttributeValue("name");
        if (entryName == iisMgrUserName)
        {
            alreadyGranted = true;
        }
    }

    if (!alreadyGranted)
    {
        ConfigurationElement grant = scopeEntries.CreateElement("add");
        grant["name"] = iisMgrUserName;
        scopeEntries.Add(grant);
    }

    sm.CommitChanges();
}
/// <summary>
/// Fills the Web Management Service (WmSvc) values on <paramref name="iisObject"/>: availability, whether
/// access is enabled for the object, and, when an authorization scope with at least one entry exists for
/// its path, the account name, service URL and port.
/// </summary>
/// <param name="srvman">Server manager used to read the administration configuration.</param>
/// <param name="iisObject">Object that receives the values; its FullQualifiedPath selects the scope.</param>
/// <remarks>
/// Only the first entry of the scope is reported as the account name. The listing shows an earlier variant,
/// disabled, that passed the name through GetNonQualifiedAccountName; the name is stored as read.
/// </remarks>
protected void ReadWebManagementAccessDetails(ServerManager srvman, WebVirtualDirectory iisObject)
{
    bool serviceInstalled = IsWebManagementServiceInstalled();
    iisObject.SetValue<bool>(WebSite.WmSvcAvailable, serviceInstalled);

    if (!serviceInstalled)
    {
        return;
    }

    iisObject.SetValue<bool>(
        WebVirtualDirectory.WmSvcSiteEnabled,
        IsWebManagementAccessEnabled(iisObject));

    string scopePath = @"/" + iisObject.FullQualifiedPath;

    Configuration administration = srvman.GetAdministrationConfiguration();
    ConfigurationSection authorization = administration.GetSection("system.webServer/management/authorization");
    ConfigurationElementCollection rules = authorization.GetCollection("authorizationRules");
    ConfigurationElement scope = FindElement(rules, "scope", "path", scopePath);

    Log.WriteInfo("FQ WebPath: " + scopePath);

    if (scope == null)
    {
        return;
    }

    ConfigurationElementCollection scopeEntries = scope.GetCollection();
    if (scopeEntries.Count <= 0)
    {
        return;
    }

    // The first entry of the scope is taken as the account.
    iisObject.SetValue<string>(WebSite.WmSvcAccountName, (String)scopeEntries[0]["name"]);
    iisObject.SetValue<string>(WebSite.WmSvcServiceUrl, ProviderSettings["WmSvc.ServiceUrl"]);
    iisObject.SetValue<string>(WebSite.WmSvcServicePort, ProviderSettings["WmSvc.Port"]);
}
/// <summary>
/// Reports whether the delegation section contains a rule whose "providers" and "path" attributes equal
/// the given values.
/// </summary>
/// <param name="providers">Exact value expected in the rule's "providers" attribute.</param>
/// <param name="path">Exact value expected in the rule's "path" attribute.</param>
/// <returns>
/// <c>true</c> when a matching rule is found; <c>false</c> when none matches or when
/// <c>HasDelegationSection</c> reports that the section is absent.
/// </returns>
public bool DelegationRuleExists(string providers, string path)
{
    using (var srvman = new ServerManager())
    {
        var adminConfig = srvman.GetAdministrationConfiguration();

        // No delegation section in the config file means no rule can exist.
        if (!HasDelegationSection(adminConfig))
        {
            return false;
        }

        var rules = adminConfig.GetSection("system.webServer/management/delegation").GetCollection();
        foreach (var rule in rules)
        {
            // The path is compared only when the providers already match.
            if (rule.Attributes["providers"].Value.Equals(providers)
                && rule.Attributes["path"].Value.Equals(path))
            {
                return true;
            }
        }
    }

    return false;
}
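/// <summary>
/// Installer custom action: grants the configured account read access to the machine certificate store
/// key and to certificate private keys, then registers the Cosign admin module, configuration section,
/// handler and module in IIS.
/// </summary>
/// <param name="session">Installer session; CustomActionData must carry "AdminServerAssembly" and
/// "CosignAssembly" as assembly display names.</param>
/// <returns><see cref="ActionResult.Success"/> when the IIS configuration was committed.</returns>
/// <remarks>
/// The account literal appears masked ("******") in this listing and is reproduced as shown.
/// NOTE(review): read access is granted on the private key of every time-valid certificate in
/// LocalMachine\My that has an RSA CSP key, not only on the certificate the module uses. Consider limiting
/// the grant to that certificate. The original comment also marks the registry grant as "not sure if needed".
/// NOTE(review): the "cosign" section is registered with OverrideModeDefault "Allow", which lets lower
/// configuration levels override it. Confirm that is intended.
/// </remarks>
public static ActionResult Install(Session session)
{
    session.Log("Begin Install");
    const string defaultUser = "******";

    var serverAssemblyName = new AssemblyName(session.CustomActionData["AdminServerAssembly"]);
    var cosignAssemblyName = new AssemblyName(session.CustomActionData["CosignAssembly"]);

    // Add permissions to the SystemCertificates registry key (not sure if needed).
    // The using block releases the key handle even when changing the ACL throws.
    using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\SystemCertificates\MY", true))
    {
        if (rk != null)
        {
            RegistrySecurity rs = rk.GetAccessControl();
            rs.AddAccessRule(new RegistryAccessRule(defaultUser, RegistryRights.ReadKey, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
            rk.SetAccessControl(rs);
        }
    }

    // Add permissions to all valid certificates in the store.
    var certificateStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    certificateStore.Open(OpenFlags.ReadOnly);
    try
    {
        X509Certificate2Collection certificateCollection = certificateStore.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true);
        foreach (X509Certificate2 x509 in certificateCollection)
        {
            try
            {
                var rsa = x509.PrivateKey as RSACryptoServiceProvider;
                if (rsa != null)
                {
                    var cspParams = new CspParameters(rsa.CspKeyContainerInfo.ProviderType, rsa.CspKeyContainerInfo.ProviderName, rsa.CspKeyContainerInfo.KeyContainerName)
                    {
                        Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore,
                        CryptoKeySecurity = rsa.CspKeyContainerInfo.CryptoKeySecurity
                    };
                    var account = new NTAccount(defaultUser);
                    cspParams.CryptoKeySecurity.AddAccessRule(new CryptoKeyAccessRule(account, CryptoKeyRights.GenericRead, AccessControlType.Allow));
                    using (var rsa2 = new RSACryptoServiceProvider(cspParams))
                    {
                        // Only created to persist the rule change in the CryptoKeySecurity.
                    }
                }
            }
            catch (Exception ex)
            {
                // Best effort per certificate. The cause is logged as well, because the catch also
                // covers failures other than an unusable certificate.
                session.Log("Invalid Certificate");
                session.Log(x509.Thumbprint + ": " + ex.Message);
            }
        }
    }
    finally
    {
        // The store was never closed in the original.
        certificateStore.Close();
    }

    using (var serverManager = new ServerManager())
    {
        // Add cosign admin module to IIS administrator for server configuration.
        Configuration adminConfig = serverManager.GetAdministrationConfiguration();
        ConfigurationSection moduleProviderSection = adminConfig.GetSection("moduleProviders");
        ConfigurationElementCollection moduleProvidersCollection = moduleProviderSection.GetCollection();
        RemoveElementByName(moduleProvidersCollection, "Cosign");
        ConfigurationElement cosignAdminModuleProvider = moduleProvidersCollection.CreateElement("add");
        cosignAdminModuleProvider.Attributes["name"].Value = "Cosign";
        cosignAdminModuleProvider.Attributes["type"].Value = String.Format("CosignManagedAdminServer.CosignModuleProvider, CosignManagedAdminServer, Version={0}, Culture=neutral, PublicKeyToken={1}", serverAssemblyName.Version, BitConverter.ToString(serverAssemblyName.GetPublicKeyToken()).Replace("-", ""));
        moduleProvidersCollection.Add(cosignAdminModuleProvider);

        // Add cosign admin module to IIS administrator for site/application configuration.
        ConfigurationSection adminModulesSection = adminConfig.GetSection("modules");
        ConfigurationElementCollection adminModulesCollection = adminModulesSection.GetCollection();
        RemoveElementByName(adminModulesCollection, "Cosign");
        ConfigurationElement cosignAdminModule = adminModulesCollection.CreateElement("add");
        cosignAdminModule.Attributes["name"].Value = "Cosign";
        adminModulesCollection.Add(cosignAdminModule);

        // Add configSection to sectionGroup.
        Configuration appHostConfig = serverManager.GetApplicationHostConfiguration();
        SectionGroup webServerSectionGroup = appHostConfig.RootSectionGroup.SectionGroups["system.webServer"];
        SectionDefinition cosignSectionDef = webServerSectionGroup.Sections["cosign"];
        if (cosignSectionDef == null)
        {
            cosignSectionDef = webServerSectionGroup.Sections.Add("cosign");
        }
        // Set for a new definition and for an existing one alike.
        cosignSectionDef.OverrideModeDefault = "Allow";

        // Add handler for cosign module to server configuration.
        ConfigurationSection serverHandlersSection = appHostConfig.GetSection("system.webServer/handlers");
        ConfigurationElementCollection serverHandlersCollection = serverHandlersSection.GetCollection();
        RemoveElementByName(serverHandlersCollection, "Cosign");
        ConfigurationElement cosignHandlerElement = serverHandlersCollection.CreateElement("add");
        cosignHandlerElement["name"] = @"Cosign";
        cosignHandlerElement["path"] = @"/cosign/valid*";
        cosignHandlerElement["verb"] = @"*";
        cosignHandlerElement["type"] = String.Format("CosignManaged.CosignHandler, CosignManaged, Version={0}, Culture=neutral, PublicKeyToken={1}", cosignAssemblyName.Version, BitConverter.ToString(cosignAssemblyName.GetPublicKeyToken()).Replace("-", ""));
        cosignHandlerElement["preCondition"] = @"integratedMode";
        cosignHandlerElement["resourceType"] = @"Unspecified";
        // Inserted at index 0, ahead of the existing handlers.
        serverHandlersCollection.AddAt(0, cosignHandlerElement);

        // Add cosign module to server configuration.
        ConfigurationSection serverModulesSection = appHostConfig.GetSection("system.webServer/modules");
        ConfigurationElementCollection serverModulesCollection = serverModulesSection.GetCollection();
        RemoveElementByName(serverModulesCollection, "Cosign");
        ConfigurationElement cosignModuleElement = serverModulesCollection.CreateElement("add");
        cosignModuleElement["name"] = @"Cosign";
        cosignModuleElement["type"] = String.Format("CosignManaged.CosignModule, CosignManaged, Version={0}, Culture=neutral, PublicKeyToken={1}", cosignAssemblyName.Version, BitConverter.ToString(cosignAssemblyName.GetPublicKeyToken()).Replace("-", ""));
        // Inserted at index 0, ahead of the existing modules.
        serverModulesCollection.AddAt(0, cosignModuleElement);

        serverManager.CommitChanges();
    }

    return ActionResult.Success;
}

/// <summary>
/// Removes from <paramref name="collection"/> the last element whose "name" attribute equals
/// <paramref name="name"/>; does nothing when no element matches.
/// </summary>
private static void RemoveElementByName(ConfigurationElementCollection collection, string name)
{
    ConfigurationElement match = null;
    foreach (ConfigurationElement element in collection)
    {
        if (element.Attributes["name"].Value.ToString() == name)
        {
            match = element;
        }
    }

    // Removal happens after the scan so the collection is not modified while it is enumerated.
    if (match != null)
    {
        collection.Remove(match);
    }
}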
/// <summary>
/// Installer custom action: removes the "Cosign" entries from the IIS Manager moduleProviders and modules
/// sections and from the server-level handlers and modules sections, then commits.
/// </summary>
/// <param name="session">Installer session; not used by this method.</param>
/// <returns><see cref="ActionResult.Success"/> once the changes were committed.</returns>
/// <remarks>
/// In each section the last element named "Cosign" is removed, if there is one.
/// NOTE(review): nothing here reverts the registry and private-key access rules that Install adds, or the
/// "cosign" section definition, so those grants outlive the product. Consider revoking them on uninstall.
/// </remarks>
public static ActionResult Uninstall(Session session)
{
    using (var serverManager = new ServerManager())
    {
        // IIS Manager: server-level provider registration.
        Configuration administration = serverManager.GetAdministrationConfiguration();
        ConfigurationElementCollection providers = administration.GetSection("moduleProviders").GetCollection();
        ConfigurationElement staleProvider = null;
        for (int i = 0; i < providers.Count; i++)
        {
            ConfigurationElement candidate = providers[i];
            if (candidate.Attributes["name"].Value.ToString() == "Cosign")
            {
                staleProvider = candidate;
            }
        }
        if (staleProvider != null)
        {
            providers.Remove(staleProvider);
        }

        // IIS Manager: site/application-level module registration.
        ConfigurationElementCollection adminModules = administration.GetSection("modules").GetCollection();
        ConfigurationElement staleAdminModule = null;
        for (int i = 0; i < adminModules.Count; i++)
        {
            ConfigurationElement candidate = adminModules[i];
            if (candidate.Attributes["name"].Value.ToString() == "Cosign")
            {
                staleAdminModule = candidate;
            }
        }
        if (staleAdminModule != null)
        {
            adminModules.Remove(staleAdminModule);
        }

        // Server configuration: handler.
        Configuration appHost = serverManager.GetApplicationHostConfiguration();
        ConfigurationElementCollection handlers = appHost.GetSection("system.webServer/handlers").GetCollection();
        ConfigurationElement staleHandler = null;
        for (int i = 0; i < handlers.Count; i++)
        {
            ConfigurationElement candidate = handlers[i];
            if (candidate.Attributes["name"].Value.ToString() == "Cosign")
            {
                staleHandler = candidate;
            }
        }
        if (staleHandler != null)
        {
            handlers.Remove(staleHandler);
        }

        // Server configuration: module.
        ConfigurationElementCollection serverModules = appHost.GetSection("system.webServer/modules").GetCollection();
        ConfigurationElement staleModule = null;
        for (int i = 0; i < serverModules.Count; i++)
        {
            ConfigurationElement candidate = serverModules[i];
            if (candidate.Attributes["name"].Value.ToString() == "Cosign")
            {
                staleModule = candidate;
            }
        }
        if (staleModule != null)
        {
            serverModules.Remove(staleModule);
        }

        serverManager.CommitChanges();
    }

    return ActionResult.Success;
}