How To: Change Application Pool Identity Programmatically

A few days back I was thinking about how a system administrator tends to have the same settings on all of his thousand-plus servers. He definitely wouldn't go around to each and every server and create a new virtual directory or application pool by hand. He would have a script that replicates the settings on every server.

So the thought came: why don't I write some ASP.NET 2.0 code that might be used as a starter by everyone who is interested in doing the same? So, here I am with my new blog.

Before I start, please take a few minutes to go through this MSDN article. I know it would take days to go through every metabase property, but take these few minutes to add this article to your favorites :)

IIS Metabase Properties

https://msdn2.microsoft.com/en-us/library/ms525644.aspx

I started my application intending to focus mainly on changing the application pool identity programmatically, but I have included a few basic operations such as creating/deleting and starting/stopping the application pool. So here goes my code. Create a new ASP.NET 2.0 website and add these lines of code in the code-behind.

using System;
using System.DirectoryServices;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //Initialize the metabase path
        string metabasePath = "IIS://localhost/W3SVC/AppPools";

        //Specify the name for your application pool
        string appPoolName = "testAppPool";

        //Specify the identity that will run the application pool
        //(specify a domain account as domain\username)
        string appPoolUser = "User1";

        //Specify the password for the user
        //(sample value; do not keep a real password in source code)
        string appPoolPass = "Password1";

        DirectoryEntry pool1;
        DirectoryEntry apppools = new DirectoryEntry(metabasePath);
        pool1 = apppools.Children.Find(appPoolName, "IIsApplicationPool");

        /*Change Application Pool Identity*/
        //AppPoolIdentityType 3 = run as the specific user set in WAMUserName/WAMUserPass
        pool1.InvokeSet("AppPoolIdentityType", new Object[] { 3 });
        pool1.InvokeSet("WAMUserName", new Object[] { Environment.MachineName + @"\" + appPoolUser }); //If you are using a local account
        pool1.InvokeSet("WAMUserPass", new Object[] { appPoolPass });

        /*Commit changes*/
        pool1.CommitChanges();
    }
}

That’s it!!! Go ahead and check the IIS admin to make sure that the identity is set to run under the desired user. :)
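To confirm the change without opening the IIS admin on each server, the identity settings can be read back from the metabase. The following is an added example, not code from the original post: a console program that lists every application pool on the given servers with its identity and flags any pool that does not run as the expected account. The class name, method names and command-line arguments are assumptions; the values 0 to 3 are the IIS 6 AppPoolIdentityType values.

```csharp
using System;
using System.DirectoryServices;

// Added example (not from the original post): read-only audit of app pool identities.
static class AppPoolIdentityAudit
{
    static string Describe(int type, string user)
    {
        switch (type)
        {
            case 0: return "LocalSystem";
            case 1: return "LocalService";
            case 2: return "NetworkService";
            case 3: return "SpecificUser (" + user + ")";
            default: return "Unknown (" + type + ")";
        }
    }

    // Audits one server; returns the number of pools not running as expectedUser.
    static int AuditServer(string server, string expectedUser)
    {
        int mismatches = 0;
        using (DirectoryEntry appPools = new DirectoryEntry("IIS://" + server + "/W3SVC/AppPools"))
        {
            foreach (DirectoryEntry pool in appPools.Children)
            {
                // Nothing is set or committed, and WAMUserPass is never read.
                object raw = pool.Properties["AppPoolIdentityType"].Value;
                int type = raw == null ? -1 : Convert.ToInt32(raw);
                string user = Convert.ToString(pool.Properties["WAMUserName"].Value);
                bool ok = type == 3 &&
                    string.Equals(user, expectedUser, StringComparison.OrdinalIgnoreCase);
                if (!ok) mismatches++;
                Console.WriteLine("{0}\t{1}\t{2}\t{3}", server, pool.Name,
                    Describe(type, user), ok ? "OK" : "MISMATCH");
                pool.Dispose();
            }
        }
        return mismatches;
    }

    // Usage (hypothetical program name): AppPoolAudit.exe domain\username server1 server2
    static int Main(string[] args)
    {
        if (args.Length < 2) { Console.Error.WriteLine("usage: <expected user> <server>..."); return 2; }
        int total = 0;
        for (int i = 1; i < args.Length; i++) total += AuditServer(args[i], args[0]);
        return total == 0 ? 0 : 1;
    }
}
```

Pass the expected account in the same form it is stored in WAMUserName (for example domain\username), and run the program under an account that is allowed to read the metabase on each server.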

THINGS THAT NEED TO BE TAKEN CARE OF:

• Make a copy of the metabase before making any changes.

• Make sure that the identity running the application has the necessary permissions to access the metabase; generally this should be an Administrator account.

• Make sure that the identity that you are using is a member of the IIS_WPG group.

FEW MORE TIPS:

I need to –

• Create new application pool

pool1 = apppools.Children.Add(appPoolName, "IIsApplicationPool");

• Start application pool

pool1.Invoke("start", new object[] { });

• Stop application pool

pool1.Invoke("stop", new object[] { });

• Delete application pool

apppools.Children.Remove(pool1);

Note: Make sure to find the application pool first, and be sure not to commit changes after removing it.

• Change Recycle Worker Process (in minutes)

pool1.InvokeSet("PeriodicRestartTime", new Object[] { 2400 });

Please let me know if I have missed something, any feedback appreciated!

Have fun coding!!!

Comments

  • Anonymous
    August 19, 2009
    How does one do this for the Virtual Directories, that host the ASP.NET Application? In our case, our Virtual Directories also run as the same account that is used for the AppPool. Is there any way to programmatically discover and/or update those too? Thanks!!
  • Anonymous
    August 19, 2009
    Hello Jeeves, I am not exactly sure what you are looking for. You would run a virtual directory under an application pool in IIS 6 and the app pool's identity is used to run your virtual directory. Changing the identity of the app pool changes it for your VD and hence your application. Please refer to the following article for more details: Configuring Application Pool Identity with IIS 6.0 (IIS 6.0) http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f05a7c2b-36b0-4b6e-ac7c-662700081f25.mspx?mfr=true Regards, Akshay
  • Anonymous
    September 02, 2009
    Ha, never mind, should have just gone to the page you linked to! :) For those that need to know: http://msdn.microsoft.com/en-us/library/ms524908.aspx