Compartir a través de


Using microsoft.web.administration to query iis7 as non-admin

We can either use ADSI,WMI,JScript etc ... to query IIS 7 config like how many website, virtual directories.Lately we have another option to use Microsoft.Web.Administrator namespace either from Web app or from Powershell.

At the root level we've class called ServerManager which exposes all the functionality you will need for querying/editing IIS 7 config.

First thing is we need to add reference to web application in VS 2008 for Microsoft.Web.Administrator.dll from c:\windows\system32\intesrv.

C#

Using Microsoft.Web.Administration;

public partial class Default2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{

ServerManager sm = new ServerManager();
foreach (Site site in sm.Sites)
{
Response.Write("Display IIS site: <br>");
Response.Write(site.Id.ToString() + " - " + site.Name);
}

Powershell

PS C:\ > $iis = new-object Microsoft.Web.Administration.ServerManager
PS C:\ > $iis.sites

Browsing it from VS 2008 cassini we are able to query successfully and list website id and its name.

Publish it under Default website which is running on Network Service in integrated mode and with Anonymous auth enabled. Now here we are expected to fail with Exception for permission denied.

Add Network Service Read & Execute permission on c:\windows\system32\inetsrv\config to bypass security exception.After this we can query IIS config for Non Admin user.

Or other option would be:

1) Use <identity impersonate=true> with specific username and password who has rights to read
2) Run the app pool in the identity of user who has access to read config.

For Powershell it is not possible to query config's unless you're admin.

Till Then Smile

Comments