I'm trying to set a user account as the Anonymous identity for a website authentication, and I've looked through every page on my Google searches but haven't found anything. There's a few things about setting it as the pool identity which is where I got the below line, but I'm not sure how that line is setting the pool identity, and I've tried to modify it to set the user account I want, but it's not working:
set-webconfigurationproperty /system.webServer/security/authentication/anonymousAuthentication -name UserName -value "domain\user" -Location "iis:\Sites\$NewApp"
I'm also trying to set a binding after I create a site, but the binding isn't being applied correctly, and I can't see why. I've looked at many examples online and tried to mimic what they have. I'm sure I just have a formatting error or something small like that. This is my binding line:
New-Item IIS:\Sites\$NewApp -bindings #{protocol="http";bindingInformation=$NewIP+":80"} -physicalPath "E:\Physicalpath"
I've spent 2 hours on this tonight, and it's driving me crazy. I just broke down and configured the servers manually for those couple items, but I really want to get this working so I can use it for other site creation scripts.
Thanks in advance for any assistance.
I was able to set the user, needed to add -PSPath. You should be able to combine -PSPath and -Location as per the Link: Enable authentication for IIS app in Powershell
set-webconfigurationproperty /system.webServer/security/authentication/anonymousAuthentication -name userName -value "domain\user" -pspath iis:\ -Location "iis:\Sites\pwa"
Further, you second doubt is clarified here: Examples of IIS Powershell cmdlets
From the above link:
COMMAND Examples: When -Value parameter is used by IIS powershell cmdlet, it usually set with a single string value (NOTE: if
the value contains space, it should be quoted with " or ')
The value can be hash table object if it is used to set a collection item
add-webconfiguration
'/system.applicationHost/sites/site[#name="Default Web
Site"]/bindings'-value #{protocol="http";bindingInformation="*:80:"}
-pspath iis:\
You can use Add-WebConfiguration for setting bindings, like so:
Add-WebConfiguration '/system.applicationHost/sites/site[#name="pwa"]/bindings' -Value #{protocol="ftp";bindingInformation="10.0.0.100:21:pwa.fabrikam.local"} -PSPath iis:\
Or, you can use Set-WebConfiguration for modifying:
set-WebConfiguration '/system.applicationHost/sites/site[#name="pwa"]/bindings' -Value #{protocol="https";bindingInformation="*:443:pwa.fabrikam.local";sslFlags=0} -PSPath iis:\
Adding everything via variables. You can manage your variables it suites your needs, I've separated every components of bindings into various variables. Putting variables inside bracket helps evaluating expressions.
$siteName = "pwa"
$appFilter = "//system.applicationHost/sites/site[#name='$($sitename)']/bindings"
$newIP = "*"
$port = 80
$hostName = "pwa.fabrikam.local"
$bindings = #{
protocol = "http"
bindingInformation="$($newIP):$($port):$($hostName)"
}
set-WebConfiguration -Filter $appFilter -Value $bindings -PSPath iis:\
If you now change only variables, the commands should continue to function. I tried changing IP and ports via variables $newIP and $port. Let us know how it goes.
Related
Afternoon guys,
I'm working on going through some lockdowns for IIS, I need to add a Deny rule to .NET Authorizations for all anonymous users.
I have this, which partially works
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/authorization" -name "." -value #{accessType='Deny';users='?'}
? is an alias for All anonymous users
It partially works, as in it creates the rule, but it's set as an Allow Rule even though I'm calling Deny.
Does anyone have any ideas on how to get this to register as a Deny Rule?
I ended up finding the answer in the Related section off to the side. Don't know why this never popped up in my initial googling.
Managing IIS .Net Authorization Rules with a powershell script
My final code is
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT' -filter "system.web/authorization" -name "." -value #{users='?'} -Type 'deny'
One of my application (say app1) running under website in IIS created https binding during deployment. However when another application (say app2) under same website deployed recently via power shell script, it removed previously added https binding and broke app1.
When I looked into deployment script of app2, I realized there is a function to check if binding already exist - if yes, simply call Set-ItemProperty to update that binding or else create the one. This idea looks fine to me - basically it says create binding specific to application or update if already existing. But am not sure, why Set-ItemProperty for http removed https binding (in fact all others as well like net.tcp, net.pipe etc)
Below is function from that deployment script.
Import-Module -Name WebAdministration
function SetBindingsIIS
{
param
(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string]$WebsiteName,
[HashTable]$protocol
)
$Status=$null
$GetProtocolName= $protocol["Protocol"]
$BindingsCollection=Get-ItemProperty -Path "IIS:\Sites\$WebsiteName" -Name Bindings
$ProtocolExists=$BindingsCollection.Collection | Where-Object{$_.protocol -eq $GetProtocolName}
Try
{
if($ProtocolExists -eq $null)
{
New-ItemProperty -Path IIS:\Sites\$WebsiteName -Name Bindings -Value $protocol -Force
}
else
{
Set-ItemProperty -Path "IIS:\Sites\$WebsiteName" -Name Bindings -Value $protocol -Force
}
$Status="Success"
}
Catch
{
$ErrorMessage=$_.Exception.Message
$Status="Error in Add/Update bindings : $ErrorMessage"
}
return $Status
}
Running this function simply removes all existing bindings already configured for web site in IIS
SetBindingsIIS -WebsiteName "TestMiddleTierSite" -protocol #{Protocol="http";BindingInformation=":81:"}
The reason it is removing all your bindings is that it is taking whatever you pass to $Protocol and over-writing the Bindings property, which is a collection of all the bindings for the site.
You should use the WebAdministration module that ships with IIS to do this instead of the generic item cmdlets. It contains various useful cmdlets, including Set-WebBinding and New-WebBinding. For example:
New-WebBinding -Name "TestMiddleTierSite" -IPAddress "*" -Port 81 -Protocol http
While #boxdog's answer is right and recommendable: it is possible to add a binding using *-ItemProperty and the IIS: PSDrive. Just do not use Set-ItemProperty, but New-ItemProperty to add a new property to the collection:
New-ItemProperty 'IIS:\Sites\Default Web Site' -Name bindings -Value #{protocol='http'; bindingInformation='*:81:'}
How can I set application settings in IIS through PowerShell?
I tried using Set-WebConfigurationProperty as
Set-WebConfigurationProperty "/appSettings/add[#key='someKey']" -PSPath "IIS:\Sites\Default Web Site\someSite" -name "someKey" -Value "someValue"
But I am getting
WARNING: Target configuration object '/appSettings/add[#key='someKey'] is not found at path 'MACHINE/WEBROOT/APPHOST/Default Web Site/someSite'.
The easiest way to do this I find is to build the PowerShell from IIS configuration editor.
To do this;
1) Open Inetmgr (IIS)
2) Click on the site you want to target.
3) Feature View, Configuration Editor down at the bottom left.
4) From here, browse to the section of the configuration you want to edit, and
make the change
5) Then click "Generate Script" on the top right.
This will generate multiple different scripts for configuring this, choose PowerShell and there you go.
For example, changing Windows authentication to Forms
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Somewebsite' -filter "system.web/authentication" -name "mode" -value "Forms"
You can learn how to do just about anything from here.
There is also the get-webconfigurationproperty command that will get you the config before you edit it, this is just run from PowerShell.
A key to remember is is SET-WebConfigurationProperty will override everything and often not do what you want.
Where Add-WebConfigurationProperty will add, not override and add additional config.
Hope that helps!
Rich
And how exactly to use Add-WebConfigurationProperty? Because it must be used in case the app setting is yet missing (Set-WebConfigurationProperty will fail).
So, given the following configuration, a site "SiteOne" with a virtual directory "VirtualDirOne":
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="first" value="a" />
</appSettings>
</configuration>
When I want to change the value to "b":
Set-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='first']" -name value -value "b"
When I want to add another setting:
Add-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings" -name "." -value #{key='second'; value='x'}
When I want to get the value:
Get-WebConfigurationProperty -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='second']" -name "value.Value"
And finally, to remove the setting:
Clear-WebConfiguration -pspath "iis:\Sites\SiteOne\VirtualDirOne" -filter "/appSettings/add[#key='second']"
There many examples here.
My script is whitelisting IP for a particular URL in IIS.
Set-WebConfigurationProperty -Filter /system.webserver/security/ipsecurity -Name allowUnlisted -Value $false -Location "default web site"
Add-WebConfiguration /system.webserver/security/ipsecurity -location "default web site" -Value #{ipAddress = 129.0.0.1 ;subnetmask = 255.255.255.0 ;allowed="true"} -pspath IIS:\
It works perfectly except when I remove the entry manually from IIS, and again i try to run this script it warns me "cannot add duplicate entry of type add". I cannot see the entry in IIS. Is there a way to remove that duplicate entry via powershell.
Reason behind this is that, applicationhost.config file in inetserv folder has that entry. If you add it via script, remove it via script, or you can open config file in notepad and find the entry and delete it. Save the file after.
I'd like to simply add some .Net Authorization rules in IIS (7.5 / win 2008 R2) using a powershell script with PS snap in. So far I was able to add some "allow" rules but not any deny ones.
Each time I try, it either does nothing or creates an "allow" rule, which seems odd, like if it was defaulting to allow all the time.
I tried with add-webconfigurationproperty and add-webconfiguration with no luck.
Maybe one of you has the correct command line to use?
For instance:
Add-WebConfiguration "/system.web/authorization" -value #{ElementTagName="Deny";users="*"} -PSPath "IIS:\Sites\Mysite"
Add-WebConfigurationProperty "/system.web/authorization" -Name "collection" -value #{ElementTagName='deny';users='test'} -PSPath "IIS:\Sites\Mysite"
will create 2 "allow" rules.
Same behavior if I remove ElementTagName='deny'. So weird. Like if the deny "mode" was to be accessed in some different way.
And for instance, if I go to IIS 8 and try to generate the script after adding a deny rule, the command line suggested is not working either.
How can I fix this?
The command you should use to add a deny rule in your example is:
Add-WebConfigurationProperty "/system.web/authorization" -PSPath "IIS:\Sites\Mysite" -Name "." -value #{users='test'} -Type "deny"
This bothered me too & I also had trouble getting appcmd to do the same thing. I did get it working in the end & found that the -Type parameter was the important one. This wasn't all that clear to me from the documentation which just says:
The type of property to add.