I'm writing a Wix-based setup for a web application and would like to set permissions on the folders it installs so that IIS can access them.
IIS 6 and 7 use IIS_WPG and IIS_USRS respectively, and IIS 5 uses IUSR_COMPUTER NAME. If the user has changed their machine name however, setting permissions using the current computer name fails.
Is there a way of programmatically determining the user account being used by IIS 5 rather than just assuming it will be IUSR_COMPUTERNAME?
I'm doing it like this (don't pretend to offer the best practice solution) - that's an immediate CA which sets the properties you can use later:
[CustomAction]
public static ActionResult SetIUSRAccountNameAction(Session session)
{
ActionResult actionResult = ActionResult.Failure;
DirectoryEntry iisAdmin = new DirectoryEntry("IIS://localhost/W3SVC");
if (iisAdmin != null)
{
string iusrName = (string)iisAdmin.Properties["AnonymousUserName"][0];
if (!string.IsNullOrEmpty(iusrName))
{
session["IUSR_USERNAME"] = iusrName;
string iusrDomain = GetAccountDomain(iusrName, session);
if (!string.IsNullOrEmpty(iusrDomain))
{
session["IUSR_DOMAIN"] = iusrDomain;
}
actionResult = ActionResult.Success;
}
}
return actionResult;
}
where the GetAccountDomain method is defined like this:
static string GetAccountDomain(string accountName, Session session)
{
SelectQuery query = new SelectQuery("Win32_UserAccount", string.Format("Name='{0}'", accountName), new string[] { "Domain" });
ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
try
{
foreach (ManagementObject account in searcher.Get())
{
return (string)account["Domain"];
}
}
catch (Exception ex)
{
session.Log("Failed to get a domain for the user {0}: {1}", accountName, ex.Message);
}
return null;
}
Hope this helps.