2

I would like to Allow the Existing IIS Manager User to a IIS Site or Website Using C# .

anyone can share the sample code . It would be really helpful .

Look at the image I want to add those users programmatically .

Thank You, Jaswanth

Jaswanth Krishna
  • 21
  • 3

2 Answers2

2

My recommendation would be not to do that using ServerManager, although possible through config APIs, you would not be respecting the provider model that IIS Users support. For example someone could have a "SQL Server" database provider and then your users in config really would not work.

To do that properly you use an API in Microsoft.Web.Management.dll (in windows\system32\inetsrv) folder, called ManagementAuthentication which has two methods for that: CreateUser, and Grant.

I wrote a blog entry a few years ago on how to call them from PowerShell: http://blogs.msdn.com/b/carlosag/archive/2009/10/23/adding-iis-manager-users-and-permissions-through-powershell.aspx

But calling them is as easy as:

Microsoft.Web.Management.Server.ManagementAuthentication.CreateUser("MyUser", "ThePassword");
Microsoft.Web.Management.Server.ManagementAuthorization.Grant("MyUser", "Default Web Site", false);

This will correctly use whichever provider is configured, and if the default configuration provider is used then that will save it in Administration.config, but if it was somewhere else it would do the right thing (such as inserting the data in a database or elsewhere).

Carlos Aguilar Mares
  • 13,411
  • 2
  • 39
  • 36
  • I'm having a bit o a problem with this advice. The first line indeed creates a user MyUser. However the second line does not seem sufficient for the user to log in. When I open the FTP site in IIS Manager (after running your suggested code), I can find MyUser in the "IIS Manager Permissions" of my FTP site but I cannot find it in "FTP Authorization Rules". Consequently FTP login fails with a message "530-User cannot log in, home directory inaccessible.". As soon as I add the user to "FTP Authorization Rules" it starts to work. This happens with and without the FTP user isolation. Help? – DenNukem Oct 13 '17 at 23:06
  • Oh, this saved my bacon: [C:\Windows\system32\inetsrv\appcmd.exe set config "MyFtpSite" -section:system.ftpServer/security/authorization /+"[accessType='Allow',users='MyUser',permissions='Read, Write']" /commit:apphost] I couldn't login without it. – DenNukem Oct 13 '17 at 23:11
0

I ended up doing these several things. First part in powershell, per advice from Carlos:

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Management") 
[Microsoft.Web.Management.Server.ManagementAuthentication]::CreateUser("MyUser", "abc123")
[Microsoft.Web.Management.Server.ManagementAuthorization]::Grant("MyUser", "MyFtpSite", $FALSE)

and then this from the command line:

appcmd.exe set config "MyFtpSite" -section:system.ftpServer/security/authorization /+"[accessType='Allow',users='MyUser',permissions='Read, Write']" /commit:apphost

All combined these allow me to add a new IIS Manager User, and give it rights to my FTP site.

More details at Microsoft site.

DenNukem
  • 8,014
  • 3
  • 40
  • 45