4

(EDIT) The plot thickens: The same code (with no need for impersonation!) runs successfully from a Windows 7 client, but NOT from a Windows 2008 R2 client! Here's the code in question. (Original message follows code below.)

var entry = new DirectoryEntry("IIS://" + tbHost.Text + "/W3SVC", tbUsername.Text, tbPassword.Password);
foreach (DirectoryEntry site in entry.Children)
{
    Console.Write("Site {0}\n", site.Name);
    foreach (PropertyValueCollection prop in site.Properties)
        Console.Write("{0}={1}\n", prop.PropertyName, prop.Value);
}

I read here that, for the IIS provider, you can't pass credentials when creating the DirectoryEntry object. You have to do impersonation. So I tried the following code, but I still get a COMException with a text of "Unknown error (0x80005000)" when I try to read a property, just as I did when I previously tried to pass username and password for the DirectoryEntry constructor. Here's the rundown:

  • LogonUser() succeeds, credentials are OK. I had banged by head a little before I found out I had to use LOGON32_LOGON_NEW_CREDENTIALS instead of LOGON32_LOGON_INTERACTIVE.
  • The remote machine is not in the same domain. Actually, it isn't in a domain at all. In fact, I put its name in the client's hosts file so I could get to it by name.
  • Running Metabase Explorer in the target machine shows me the key I want to read does exist. (See picture at end of the post.)

.

const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_PROVIDER_WINNT50 = 3;
const int LOGON32_PROVIDER_WINNT40 = 2;
const int LOGON32_PROVIDER_WINNT35 = 1;

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int LogonUser(String lpszUserName, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);

[DllImport("kernel32.dll")]
extern static int GetLastError();

(...)

IntPtr myToken = IntPtr.Zero;
if (LogonUser(tbUsername.Text, tbHost.Text, tbPassword.Password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref myToken) == 0)
{
    int causingError = GetLastError();
    throw new System.ComponentModel.Win32Exception(causingError);
}

WindowsImpersonationContext myMission = WindowsIdentity.Impersonate(myToken);

string mbUri = "IIS://" + tbHost.Text + "/MimeMap";
DirectoryEntry myDirEntry = new DirectoryEntry(mbUri);
Console.Write("{0}\n", myDirEntry.Properties["KeyType"]);

myDirEntry.Close();
myMission.Undo();
if (myToken != IntPtr.Zero)
    CloseHandle(myToken);

enter image description here

JCCyC
  • 16,140
  • 11
  • 48
  • 75

2 Answers2

5

Got it. All I had to do was go to Server Management → Roles → Web Server (IIS) and enable the service Management Tools → IIS 6 Management Compatibility → IIS 6 Metabase Compatibility. See pic below.

It's in the client machine, so you don't really have to have anything else from IIS installed.

I wonder how that will work for a non-server Windows (XP, Vista, 7).

enter image description here

JCCyC
  • 16,140
  • 11
  • 48
  • 75
  • I'm having this issue from a Win7 client. I'm writing an installer framework and need to configure a website and virtual directory on a remote machine. All of the examples I've seen use localhost which I can connect to fine. I cannot connect to a Server 2K8 R2 instance, though. Is your answer stating that I need to have the Metabase Compatibility installed on the client where the connection is created or on the server that hosts IIS (looks like client from your picture)? Also, are you saying in your question that I shouldn't be using DirectoryEntry's user/pass, but impersonation? – Mike G Apr 25 '12 at 12:29
  • Here's a little more info that I found after digging a bit. On Win7 you'll need to have the Metabase Compatability installed for IIS6. Next is key: you'll also need it on the IIS host. See this article: http://blogs.msdn.com/b/narahari/archive/2009/05/13/when-using-directoryservices-to-access-iis-schema-iis6-management-compatibility-pack-needs-to-be-installed-system-runtime-interopservices-comexception-0x80005000.aspx – Mike G Apr 25 '12 at 13:37
  • On Windows Desktop this is under Control Panel -> Programs and Features -> Turn Windows Features on or off (left hand side) -> Internet Information Services -> Web management Tools -> IIS 6 Management Compatibility. – Tod Apr 01 '21 at 10:48
0

You can also open Powershell as an administrator and use the following to enable IIS 6 Management Compatibility:

Import-Module Servermanager
Add-WindowsFeature Web-Mgmt-Compat -IncludeAllSubFeature
Get-WindowsFeature #Show list of all installed features
Greg Bray
  • 14,929
  • 12
  • 80
  • 104