How TO: Change Application Pool Identity Programmatically
A few days back I had a thought that how a System Administrator tend to have the same settings on all his thousand-plus servers. Definitely he wouldn't go around in each and every server of his and try creating a new virtual directory or an application pool. He will have some script written that will replicate the settings in every server.
So, there came a thought why don’t I write an ASP.NET2.0 code that might be used as a starter for everyone who is interested doing the same and SO, here I am with my new blog.
Before I start please take a few minutes to go through this MSDN article. I know it will take days together to go through every metabase property, but take this few minutes to have this article added to your favorites J
IIS Metabase Properties
https://msdn2.microsoft.com/en-us/library/ms525644.aspx
I started my application with the initial thoughts that I will focus majorly on changing the application pool identity programmatically. But I have included a few basic operations like creating/deleting or starting/stopping the application pool. So here goes my code. Create a new ASP.NET2.0 website and add these lines of code in the code behind.
using System.DirectoryServices;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//Initialize the metabase path
string metabasePath = "IIS://localhost/W3SVC/AppPools";
//Specify the name for your application pool
string appPoolName = "testAppPool"; //specify the domain account as domain\username
//Specify the identity that will run the application pool
string appPoolUser = "User1";
//Specify the password for the user
string appPoolPass = "Password1";
DirectoryEntry pool1;
DirectoryEntry apppools = new DirectoryEntry(metabasePath);
pool1 = apppools.Children.Find(appPoolName, "IIsApplicationPool");
/*Change Application Pool Identity*/
pool1.InvokeSet("AppPoolIdentityType", new Object[] { 3 });
pool1.InvokeSet("WAMUserName", new Object[] { Environment.MachineName + @"\" + appPoolUser }); //If you are using a local account
pool1.InvokeSet("WAMUserPass", new Object[] { appPoolPass });
/*Commit changes*/
pool1.CommitChanges();
}
}
That’s it!!! Go ahead and check the IIS admin to make sure that the identity is set to run under the desired user. J
THINGS THAT NEEDS TO BE TAKEN CARE OF:
Ø Make a copy of the metabase before making any changes.
Ø Make sure that the identity running the application has necessary permissions to access the metabase, generally should be an Administrator account.
Ø Make sure that the identity that you are using is a part of IIS_WPG group
FEW MORE TIPS:
I need to –
Ø Create new application pool
pool1 = apppools.Children.Add(appPoolName, "IIsApplicationPool");
Ø Start application pool
pool1.Invoke("start", new object[] { });
Ø Stop application pool
pool1.Invoke("stop", new object[] { });
Ø Delete application pool.
apppools.Children.Remove(pool1);
Note: Make sure to find the application pool first and be sure not to commit changes after removing
Ø Change Recycle Worker Process(in minutes)
pool1.InvokeSet("PeriodicRestartTime", new Object[] { 2400 });
Please let me know if I have missed something, any feedback appreciated!
Have fun coding!!!
Comments
- Anonymous
June 08, 2009
PingBack from http://cellulitecreamsite.info/story.php?id=8893 - Anonymous
August 19, 2009
How does one do this for the Virtual Directories, that host the ASP.NET Application?In our case, our Virtual Directories also run as the same account that is used for the AppPool. Is there any way to programmatically discover and/or update those too?Thanks!! - Anonymous
August 19, 2009
Hello Jeeves,I am not exactly sure what you are looking for.You would run a virtual directory under an application pool in IIS 6 and the app pool's identity is used to run your virtual directory. Changing the identity of the app pool changes it for your VD and hence your application.Please refer to the following article for more detailsConfiguring Application Pool Identity with IIS 6.0 (IIS 6.0)http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f05a7c2b-36b0-4b6e-ac7c-662700081f25.mspx?mfr=trueRegards,Akshay - Anonymous
September 02, 2009
The comment has been removed - Anonymous
September 02, 2009
Ha, never mind, should have just went to the page you linked to! :)For those that need to know:http://msdn.microsoft.com/en-us/library/ms524908.aspx