Managing IIS .Net Authorization Rules with a powershell script

Question

I'd like to simply add some .Net Authorization rules in IIS (7.5 / win 2008 R2) using a powershell script with PS snap in. So far I was able to add some "allow" rules but not any deny ones.

Each time I try, it either does nothing or creates an "allow" rule, which seems odd, like if it was defaulting to allow all the time.

I tried with add-webconfigurationproperty and add-webconfiguration with no luck.

Maybe one of you has the correct command line to use?

For instance:

Add-WebConfiguration "/system.web/authorization" -value @{ElementTagName="Deny";users="*"} -PSPath "IIS:\Sites\Mysite"

Add-WebConfigurationProperty "/system.web/authorization" -Name "collection" -value @{ElementTagName='deny';users='test'} -PSPath "IIS:\Sites\Mysite"

will create 2 "allow" rules.

Same behavior if I remove ElementTagName='deny'. So weird. Like if the deny "mode" was to be accessed in some different way.

And for instance, if I go to IIS 8 and try to generate the script after adding a deny rule, the command line suggested is not working either.

How can I fix this?

Answer 1

The command you should use to add a deny rule in your example is:

Add-WebConfigurationProperty "/system.web/authorization" -PSPath "IIS:\Sites\Mysite" -Name "." -value @{users='test'} -Type "deny"

This bothered me too & I also had trouble getting appcmd to do the same thing. I did get it working in the end & found that the -Type parameter was the important one. This wasn't all that clear to me from the documentation which just says:

The type of property to add.