GetAdministrationConfiguration() public method

public GetAdministrationConfiguration ( ) : Configuration
return Configuration
示例#1
        /// <summary>
        /// Registers a UI module provider in the IIS administration configuration and lists it
        /// in the <c>modules</c> section so that all sites have access to it.
        /// </summary>
        /// <param name="name">Value written to the <c>name</c> attribute of both entries.</param>
        /// <param name="type">
        /// Value written to the provider's <c>type</c> attribute. Presumably an assembly-qualified
        /// type name that IIS Manager resolves, so callers should pass only trusted, fixed values.
        /// </param>
        /// <remarks>
        /// An entry that already exists under the same name is left untouched, so an existing
        /// provider keeps its current <c>type</c> even when a different one is passed in.
        /// </remarks>
        public static void AddUIModuleProvider(string name, string type)
        {
            using (var serverManager = new ServerManager())
            {
                var administration = serverManager.GetAdministrationConfiguration();

                // Step 1: declare the provider (name -> type) unless that name is already taken.
                var providers = administration.GetSection("moduleProviders").GetCollection();
                var providerMissing = FindByAttribute(providers, "name", name) == null;
                if (providerMissing)
                {
                    var providerEntry = providers.CreateElement();
                    providerEntry.SetAttributeValue("name", name);
                    providerEntry.SetAttributeValue("type", type);
                    providers.Add(providerEntry);
                }

                // Step 2: reference the provider by name in <modules> so every site can use it.
                var enabledModules = administration.GetSection("modules").GetCollection();
                var moduleMissing = FindByAttribute(enabledModules, "name", name) == null;
                if (moduleMissing)
                {
                    var moduleEntry = enabledModules.CreateElement();
                    moduleEntry.SetAttributeValue("name", name);
                    enabledModules.Add(moduleEntry);
                }

                // Both edits are written back together; nothing is persisted before this call.
                serverManager.CommitChanges();
            }
        }
示例#2
        /// <summary>
        /// Removes the UI module with the given name from the IIS administration configuration:
        /// first its <c>modules</c> entry, then its <c>moduleProviders</c> registration.
        /// </summary>
        /// <param name="name">Value matched against the <c>name</c> attribute of each entry.</param>
        /// <remarks>
        /// Missing entries are skipped silently; <c>CommitChanges</c> is called either way.
        /// </remarks>
        public static void RemoveUIModuleProvider(string name)
        {
            using (var serverManager = new ServerManager())
            {
                var administration = serverManager.GetAdministrationConfiguration();

                // Drop the per-site reference first, so no <modules> entry is left pointing at
                // a provider that no longer exists.
                var enabledModules = administration.GetSection("modules").GetCollection();
                var moduleEntry = FindByAttribute(enabledModules, "name", name);
                if (moduleEntry != null)
                {
                    enabledModules.Remove(moduleEntry);
                }

                // Then drop the provider registration itself.
                var providers = administration.GetSection("moduleProviders").GetCollection();
                var providerEntry = FindByAttribute(providers, "name", name);
                if (providerEntry != null)
                {
                    providers.Remove(providerEntry);
                }

                serverManager.CommitChanges();
            }
        }
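		/// <summary>
		/// Removes the permission entry for <paramref name="accountName"/> from every delegation
		/// rule whose <c>providers</c> and <c>path</c> attributes equal the given values.
		/// </summary>
		/// <param name="providers">Value compared with the rule's <c>providers</c> attribute.</param>
		/// <param name="path">Value compared with the rule's <c>path</c> attribute.</param>
		/// <param name="accountName">Value compared with the <c>name</c> attribute of each permission entry.</param>
		/// <remarks>
		/// Comparisons use <c>Equals</c> on the attribute value, so they are case-sensitive.
		/// An account stored with different casing is not matched and its entry stays in place.
		/// </remarks>
		public void RemoveUserFromRule(string providers, string path, string accountName)
		{
			var rulePredicate = new Predicate<ConfigurationElement>(x => { return x.Attributes["providers"].Value.Equals(providers) && x.Attributes["path"].Value.Equals(path); });
			//
			var userPredicate = new Predicate<ConfigurationElement>(x => { return x.Attributes["name"].Value.Equals(accountName); });
			//
			using (var srvman = new ServerManager())
			{
				var adminConfig = srvman.GetAdministrationConfiguration();
				// NOTE(review): other delegation helpers in this listing first check
				// HasDelegationSection(adminConfig); this method does not, so behaviour when the
				// section is missing depends on GetSection. Confirm whether the guard is needed here.
				var delegationSection = adminConfig.GetSection("system.webServer/management/delegation");
				//
				var rulesCollection = delegationSection.GetCollection();
				// Tracks whether anything was removed, so the configuration is committed exactly once.
				var changed = false;
				//
				foreach (var rule in rulesCollection)
				{
					if (!rulePredicate.Invoke(rule))
					{
						continue;
					}
					//
					var permissions = rule.GetCollection("permissions");
					// Locate the entry first; the collection is not modified while it is enumerated.
					ConfigurationElement matchedUser = null;
					//
					foreach (var user in permissions)
					{
						if (userPredicate.Invoke(user))
						{
							matchedUser = user;
							//
							break;
						}
					}
					//
					if (matchedUser != null)
					{
						permissions.Remove(matchedUser);
						//
						changed = true;
					}
				}
				// Commit after the walk rather than inside it, so no element obtained before a
				// commit is touched afterwards.
				if (changed)
				{
					srvman.CommitChanges();
				}
			}
		}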
		/// <summary>
		/// For every delegation rule whose <c>providers</c> and <c>path</c> attributes equal the
		/// given values, makes sure a permission entry for <paramref name="accountName"/> exists
		/// and sets its <c>accessType</c> to <c>Deny</c>.
		/// </summary>
		/// <param name="providers">Value compared with the rule's <c>providers</c> attribute.</param>
		/// <param name="path">Value compared with the rule's <c>path</c> attribute.</param>
		/// <param name="accountName">Account whose permission entry is created or updated.</param>
		/// <remarks>
		/// Returns without changes when <c>HasDelegationSection</c> reports that the delegation
		/// section is absent. Matching is case-sensitive (<c>Equals</c> on the attribute value).
		/// NOTE(review): the method name reads like an allow-list operation, but the value written
		/// is "Deny" for the named account. Confirm the intended effect with the caller.
		/// </remarks>
		public void RestrictRuleToUser(string providers, string path, string accountName)
		{
			using (var srvman = new ServerManager())
			{
				var adminConfig = srvman.GetAdministrationConfiguration();

				// Nothing to do when system.webServer/management/delegation is not in the config file.
				if (!HasDelegationSection(adminConfig))
				{
					return;
				}

				var rules = adminConfig.GetSection("system.webServer/management/delegation").GetCollection();

				foreach (var rule in rules)
				{
					var sameRule = rule.Attributes["providers"].Value.Equals(providers)
						&& rule.Attributes["path"].Value.Equals(path);
					if (!sameRule)
					{
						continue;
					}

					var permissions = rule.GetCollection("permissions");

					// Reuse the account's existing entry when there is one.
					ConfigurationElement entry = null;
					foreach (var candidate in permissions)
					{
						if (candidate.Attributes["name"].Value.Equals(accountName))
						{
							entry = candidate;
							break;
						}
					}

					// Otherwise add a fresh <user> entry flagged as a non-role account.
					if (entry == null)
					{
						entry = permissions.CreateElement("user");
						entry.SetAttributeValue("name", accountName);
						entry.SetAttributeValue("isRole", false);
						permissions.Add(entry);
					}

					// Existing or new, the entry ends up denied, and the change is committed per rule.
					entry.SetAttributeValue("accessType", "Deny");
					srvman.CommitChanges();
				}
			}
		}
示例#5
文件: Program.cs 项目: heinzsack/DEV
		// Walks system.webServer/management/trustedProviders in the administration configuration
		// and removes, in memory, every entry whose type string contains both "2.0.0.0" and
		// "System.Web.Security.".
		//
		// The CommitChanges call is commented out in this listing, so the removals are never
		// written back: as shown, the program is a dry run. The original author also left
		// commented-out code that would add Version=4.0.0.0 entries for SqlMembershipProvider,
		// SqlRoleProvider, SqlProfileProvider and WindowsTokenRoleProvider
		// (System.Web, PublicKeyToken=b03f5f7f11d50a3a); none of that code is active.
		static void Main (string [] args)
			{
			using (ServerManager manager = new ServerManager())
				{
				ConfigurationElementCollection trusted = manager
					.GetAdministrationConfiguration ()
					.GetSection ("system.webServer/management/trustedProviders")
					.GetCollection ();

				// Go from the last index down so a removal never shifts an entry not yet visited.
				for (int index = trusted.Count - 1; index >= 0; index--)
					{
					ConfigurationElement entry = trusted [index];
					String typeName = entry ["type"].ToString ();
					bool isOldSecurityProvider = (typeName.IndexOf ("2.0.0.0") != -1)
						&& (typeName.IndexOf ("System.Web.Security.") != -1);
					if (isOldSecurityProvider)
						{
						trusted.Remove (entry);
						}
					}

				// Read back only so the resulting count can be inspected; the value is not used.
				int remainingEntries = trusted.Count;

//				manager.CommitChanges ();
				}
			}
示例#6
        /// <summary>
        /// Adds <paramref name="iisMgrUserName"/> to the management authorization rules for the
        /// scope <c>/{siteName}</c>, creating the scope when it does not exist, then commits.
        /// </summary>
        /// <param name="sm">Server manager whose administration configuration is edited and committed.</param>
        /// <param name="siteName">Site name; the scope path is "/" followed by this value.</param>
        /// <param name="iisMgrUserName">Name written to the new <c>add</c> element.</param>
        /// <remarks>
        /// The existing-entry check is a case-sensitive string comparison on the <c>name</c>
        /// attribute, so the same account spelled with different casing is treated as absent.
        /// <c>CommitChanges</c> runs even when nothing was added.
        /// </remarks>
        private static void AddMsDeployAccessToSite(ServerManager sm,string siteName, string iisMgrUserName)
        {
            var authorizationRules = sm.GetAdministrationConfiguration()
                .GetSection("system.webServer/management/authorization")
                .GetCollection("authorizationRules");

            var scopePath = @"/{0}".Fmt(siteName);

            // Find the site's scope, or create it on first use.
            var scope = FindElement(authorizationRules, "scope", "path", scopePath);
            if (scope == null)
            {
                scope = authorizationRules.CreateElement("scope");
                scope["path"] = scopePath;
                authorizationRules.Add(scope);
            }

            var scopeEntries = scope.GetCollection();

            // Look for an entry that already names this user.
            var alreadyGranted = false;
            foreach (var existing in scopeEntries.ChildElements)
            {
                if ((string) existing.GetAttributeValue("name") == iisMgrUserName)
                {
                    alreadyGranted = true;
                    break;
                }
            }

            if (!alreadyGranted)
            {
                var grant = scopeEntries.CreateElement("add");
                grant["name"] = iisMgrUserName;
                scopeEntries.Add(grant);
            }

            sm.CommitChanges();
        }
示例#7
        /// <summary>
        /// Fills the web-management (WmSvc) properties of <paramref name="iisObject"/>: whether
        /// the service is available, whether access is enabled for the object and, when an
        /// authorization scope exists for its path, the account name, service URL and port.
        /// </summary>
        /// <param name="srvman">Server manager used to read the administration configuration.</param>
        /// <param name="iisObject">Object whose properties are set; its FullQualifiedPath selects the scope.</param>
        /// <remarks>
        /// Only the first entry of the scope is reported as the account name, and it is stored
        /// as found in the configuration. A call that stripped the qualifier from the name is
        /// commented out in the original listing.
        /// </remarks>
        protected void ReadWebManagementAccessDetails(ServerManager srvman, WebVirtualDirectory iisObject)
        {
            bool serviceInstalled = IsWebManagementServiceInstalled();
            iisObject.SetValue<bool>(WebSite.WmSvcAvailable, serviceInstalled);

            // Without the management service there is nothing else to read.
            if (!serviceInstalled)
            {
                return;
            }

            iisObject.SetValue<bool>(
                WebVirtualDirectory.WmSvcSiteEnabled,
                IsWebManagementAccessEnabled(iisObject));

            // Authorization scopes are keyed by the object's path with a leading slash.
            string fqWebPath = @"/" + iisObject.FullQualifiedPath;

            ConfigurationElementCollection authorizationRules = srvman
                .GetAdministrationConfiguration()
                .GetSection("system.webServer/management/authorization")
                .GetCollection("authorizationRules");
            ConfigurationElement scope = FindElement(authorizationRules, "scope", "path", fqWebPath);

            Log.WriteInfo("FQ WebPath: " + fqWebPath);

            if (scope == null)
            {
                return;
            }

            ConfigurationElementCollection scopeEntries = scope.GetCollection();
            if (scopeEntries.Count <= 0)
            {
                return;
            }

            // Account name comes from the first scope entry; URL and port from provider settings.
            iisObject.SetValue<string>(
                WebSite.WmSvcAccountName, (String)scopeEntries[0]["name"]);
            iisObject.SetValue<string>(
                WebSite.WmSvcServiceUrl, ProviderSettings["WmSvc.ServiceUrl"]);
            iisObject.SetValue<string>(
                WebSite.WmSvcServicePort, ProviderSettings["WmSvc.Port"]);
        }
		/// <summary>
		/// Reports whether the delegation section contains a rule whose <c>providers</c> and
		/// <c>path</c> attributes equal the given values.
		/// </summary>
		/// <param name="providers">Value compared with the rule's <c>providers</c> attribute.</param>
		/// <param name="path">Value compared with the rule's <c>path</c> attribute.</param>
		/// <returns>
		/// <c>true</c> when a matching rule is found; <c>false</c> when none matches or when
		/// <c>HasDelegationSection</c> reports that the section is absent.
		/// </returns>
		/// <remarks>This is a read-only lookup; nothing is committed. Matching is case-sensitive.</remarks>
		public bool DelegationRuleExists(string providers, string path)
		{
			using (var srvman = new ServerManager())
			{
				var adminConfig = srvman.GetAdministrationConfiguration();

				// No system.webServer/management/delegation section means no rule can exist.
				if (!HasDelegationSection(adminConfig))
				{
					return false;
				}

				var rules = adminConfig.GetSection("system.webServer/management/delegation").GetCollection();

				// Stop at the first rule that matches on both attributes.
				foreach (var rule in rules)
				{
					var sameProviders = rule.Attributes["providers"].Value.Equals(providers);
					if (sameProviders && rule.Attributes["path"].Value.Equals(path))
					{
						return true;
					}
				}
			}

			return false;
		}
示例#9
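        /// <summary>
        /// Installer custom action that prepares the machine for Cosign: grants the default
        /// account read access to the machine certificate store key and to the private keys of
        /// valid certificates, then registers the Cosign admin module, configuration section,
        /// handler and module in the IIS administration and applicationHost configurations.
        /// </summary>
        /// <param name="session">
        /// Installer session; supplies the "AdminServerAssembly" and "CosignAssembly" custom action
        /// data (assembly display names) and receives log messages.
        /// </param>
        /// <returns><c>ActionResult.Success</c> when the method runs to completion.</returns>
        /// <remarks>
        /// Existing entries named "Cosign" are replaced rather than duplicated. Failures while
        /// adjusting a single certificate are logged and skipped; any other exception propagates.
        /// </remarks>
        public static ActionResult Install(Session session)
        {
            session.Log("Begin Install");
            // NOTE(review): the account literal appears masked in this listing; confirm which
            // account the real source grants access to.
            const string defaultUser = "******";
            var serverAssemblyName = new AssemblyName(session.CustomActionData["AdminServerAssembly"]);
            var cosignAssemblyName = new AssemblyName(session.CustomActionData["CosignAssembly"]);

            // Add permissions to the SystemCertificates registry key (the original author was not
            // sure this is needed). The using block releases the key even if the ACL update throws.
            using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\SystemCertificates\MY", true))
            {
                if (rk != null)
                {
                    RegistrySecurity rs = rk.GetAccessControl();
                    rs.AddAccessRule(new RegistryAccessRule(defaultUser, RegistryRights.ReadKey, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
                    rk.SetAccessControl(rs);
                }
            }

            // Add permissions to all valid certificates in the store.
            // NOTE(review): this grants read access on the private key of every currently valid
            // certificate in LocalMachine\My, not only the one Cosign uses. Limiting the grant to
            // the configured certificate would follow least privilege.
            var certificateStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            certificateStore.Open(OpenFlags.ReadOnly);
            try
            {
                X509Certificate2Collection certificateCollection = certificateStore.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true);
                foreach (X509Certificate2 x509 in certificateCollection)
                {
                    try
                    {
                        var rsa = x509.PrivateKey as RSACryptoServiceProvider;
                        if (rsa != null)
                        {
                            var cspParams = new CspParameters(rsa.CspKeyContainerInfo.ProviderType, rsa.CspKeyContainerInfo.ProviderName, rsa.CspKeyContainerInfo.KeyContainerName)
                            {
                                Flags =
                                    CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore,
                                CryptoKeySecurity = rsa.CspKeyContainerInfo.CryptoKeySecurity
                            };

                            var account = new NTAccount(defaultUser);
                            cspParams.CryptoKeySecurity.AddAccessRule(new CryptoKeyAccessRule(account, CryptoKeyRights.GenericRead, AccessControlType.Allow));
                            using (var rsa2 = new RSACryptoServiceProvider(cspParams))
                            {
                                // Only created to persist the rule change in the CryptoKeySecurity
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // Best effort per certificate: keep going, but record which certificate
                        // failed and why so the install log can be audited afterwards.
                        session.Log("Invalid Certificate");
                        session.Log("Certificate " + x509.Thumbprint + ": " + ex.Message);
                    }
                }
            }
            finally
            {
                // The original never closed the store; release it on every path.
                certificateStore.Close();
            }

            using (var serverManager = new ServerManager())
            {
                // Add cosign admin module to IIS administrator for server configuration
                Configuration adminConfig = serverManager.GetAdministrationConfiguration();
                ConfigurationElementCollection moduleProvidersCollection = adminConfig.GetSection("moduleProviders").GetCollection();
                RemoveExistingCosignEntry(moduleProvidersCollection);

                ConfigurationElement cosignAdminModuleProvider = moduleProvidersCollection.CreateElement("add");
                cosignAdminModuleProvider.Attributes["name"].Value = "Cosign";
                cosignAdminModuleProvider.Attributes["type"].Value = String.Format("CosignManagedAdminServer.CosignModuleProvider, CosignManagedAdminServer, Version={0}, Culture=neutral, PublicKeyToken={1}", serverAssemblyName.Version, PublicKeyTokenHex(serverAssemblyName));
                moduleProvidersCollection.Add(cosignAdminModuleProvider);

                // Add cosign admin module to IIS administrator for site/application configuration
                ConfigurationElementCollection adminModulesCollection = adminConfig.GetSection("modules").GetCollection();
                RemoveExistingCosignEntry(adminModulesCollection);

                ConfigurationElement cosignAdminModule = adminModulesCollection.CreateElement("add");
                cosignAdminModule.Attributes["name"].Value = "Cosign";
                adminModulesCollection.Add(cosignAdminModule);

                // Add configSection to sectionGroup. The section is set to "Allow" whether it was
                // just created or already existed.
                // NOTE(review): "Allow" permits lower configuration levels to override the cosign
                // section; confirm that delegating these settings is intended.
                Configuration appHostConfig = serverManager.GetApplicationHostConfiguration();
                SectionGroup webServerSectionGroup = appHostConfig.RootSectionGroup.SectionGroups["system.webServer"];
                SectionDefinition cosignSectionDef = webServerSectionGroup.Sections["cosign"]
                    ?? webServerSectionGroup.Sections.Add("cosign");
                cosignSectionDef.OverrideModeDefault = "Allow";

                // Add handler for cosign module to server configuration (inserted at index 0)
                ConfigurationElementCollection serverHandlersCollection = appHostConfig.GetSection("system.webServer/handlers").GetCollection();
                RemoveExistingCosignEntry(serverHandlersCollection);

                string cosignPublicKeyToken = PublicKeyTokenHex(cosignAssemblyName);

                ConfigurationElement cosignHandlerElement = serverHandlersCollection.CreateElement("add");
                cosignHandlerElement["name"] = @"Cosign";
                cosignHandlerElement["path"] = @"/cosign/valid*";
                cosignHandlerElement["verb"] = @"*";
                cosignHandlerElement["type"] = String.Format("CosignManaged.CosignHandler, CosignManaged, Version={0}, Culture=neutral, PublicKeyToken={1}", cosignAssemblyName.Version, cosignPublicKeyToken);
                cosignHandlerElement["preCondition"] = @"integratedMode";
                cosignHandlerElement["resourceType"] = @"Unspecified";
                serverHandlersCollection.AddAt(0, cosignHandlerElement);

                // Add cosign module to server configuration (inserted at index 0)
                ConfigurationElementCollection serverModulesCollection = appHostConfig.GetSection("system.webServer/modules").GetCollection();
                RemoveExistingCosignEntry(serverModulesCollection);

                ConfigurationElement cosignModuleElement = serverModulesCollection.CreateElement("add");
                cosignModuleElement["name"] = @"Cosign";
                cosignModuleElement["type"] = String.Format("CosignManaged.CosignModule, CosignManaged, Version={0}, Culture=neutral, PublicKeyToken={1}", cosignAssemblyName.Version, cosignPublicKeyToken);
                serverModulesCollection.AddAt(0, cosignModuleElement);

                // All administration and applicationHost edits are written in one commit.
                serverManager.CommitChanges();
            }

            return ActionResult.Success;
        }

        // Removes the element whose "name" attribute is "Cosign" from the collection, if present
        // (the last such element when several match, as in the original loops).
        private static void RemoveExistingCosignEntry(ConfigurationElementCollection collection)
        {
            ConfigurationElement existing = null;
            foreach (ConfigurationElement element in collection)
            {
                if (element.Attributes["name"].Value.ToString() == "Cosign")
                {
                    existing = element;
                }
            }
            if (existing != null)
            {
                collection.Remove(existing);
            }
        }

        // Formats the assembly's public key token as hex digits without separators, the form
        // used in the PublicKeyToken part of the type strings above.
        private static string PublicKeyTokenHex(AssemblyName assemblyName)
        {
            return BitConverter.ToString(assemblyName.GetPublicKeyToken()).Replace("-", "");
        }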
示例#10
        /// <summary>
        /// Installer custom action that removes the entries named "Cosign" from the IIS
        /// administration configuration (<c>moduleProviders</c>, <c>modules</c>) and from the
        /// applicationHost configuration (<c>system.webServer/handlers</c>,
        /// <c>system.webServer/modules</c>), then commits the changes.
        /// </summary>
        /// <param name="session">Installer session; not used by this method.</param>
        /// <returns><c>ActionResult.Success</c> when the method runs to completion.</returns>
        /// <remarks>
        /// Only these four entries are removed. This method does not touch the cosign section
        /// definition or any registry or private-key access rules.
        /// </remarks>
        public static ActionResult Uninstall(Session session)
        {
            // Removes the element whose "name" attribute is "Cosign", if the collection has one
            // (the last such element when several match).
            System.Action<ConfigurationElementCollection> dropCosignEntry = delegate(ConfigurationElementCollection entries)
            {
                ConfigurationElement found = null;
                foreach (ConfigurationElement candidate in entries)
                {
                    if (candidate.Attributes["name"].Value.ToString() == "Cosign")
                    {
                        found = candidate;
                    }
                }

                if (found != null)
                {
                    entries.Remove(found);
                }
            };

            using (var serverManager = new ServerManager())
            {
                Configuration adminConfig = serverManager.GetAdministrationConfiguration();

                // Remove cosign admin module from IIS administrator for server configuration
                dropCosignEntry(adminConfig.GetSection("moduleProviders").GetCollection());

                // Remove cosign admin module from IIS administrator for site/application configuration
                dropCosignEntry(adminConfig.GetSection("modules").GetCollection());

                Configuration appHostConfig = serverManager.GetApplicationHostConfiguration();

                // Remove cosign handler from server configuration
                dropCosignEntry(appHostConfig.GetSection("system.webServer/handlers").GetCollection());

                // Remove cosign module from server configuration
                dropCosignEntry(appHostConfig.GetSection("system.webServer/modules").GetCollection());

                serverManager.CommitChanges();
            }

            return ActionResult.Success;
        }