Programmatically edit IIS IPGrant Table
I've been working on a programmatic solution to edit the IPGrant table in IIS.
As it stands, I can View the IPGrant list Correctly, and CAN add to it.
However, I cannot remove or replace items in the IPGrant list.
MSDN and such recommend that you write (the values of the old list + the new value) to the List, however I'm finding I'm getting a HResult of "Cannot create file with that name, file already exists". Adding to the list only works for me If I pass in the new value only.
After some reading:
http://www.west-wind.com/weblog/posts/59731.aspx
http://www.aspdev.org/articles/web.config/
http://www.codeproject.com/KB/security/iiswmi.aspx
http://www.codeproject.com/KB/security/iiswmi.aspx?msg=1739049
http://blogs.msdn.com/b/shawnfa/archive/0001/01/01/400749.aspx
http://msdn.microsoft.com/en-us/library/ms524322%28VS.90%29.aspx
http://www.eggheadcafe.com/software/aspnet/33215307/setting-ip-restrictions-in-iis-7.aspx
I'm finding that there is a compatability issue with IIS 7/6 and using the Metabase - in that one can only add to it, not remove.
Is there a more current method for IIS 7/7.5 that can be used (in c# please) to admini开发者_运维问答strate the IPGrant table.
You can use Microsoft.Web.Administration, or AppCmd, or Javascript (COM - AHADMIN) to do that, here are a few examples on how to remove:
private static void Main() {
using(ServerManager serverManager = new ServerManager()) {
Configuration config = serverManager.GetApplicationHostConfiguration();
ConfigurationSection ipSecuritySection = config.GetSection("system.webServer/security/ipSecurity");
ConfigurationElementCollection ipSecurityCollection = ipSecuritySection.GetCollection();
ConfigurationElement addElement = FindElement(ipSecurityCollection, "add", "ipAddress", @"169.132.124.234", "subnetMask", @"255.255.255.255", "domainName", @"");
if (addElement == null) throw new InvalidOperationException("Element not found!");
ipSecurityCollection.Remove(addElement);
serverManager.CommitChanges();
}
}
private static ConfigurationElement FindElement(ConfigurationElementCollection collection, string elementTagName, params string[] keyValues) {
foreach (ConfigurationElement element in collection) {
if (String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase)) {
bool matches = true;
for (int i = 0; i < keyValues.Length; i += 2) {
object o = element.GetAttributeValue(keyValues[i]);
string value = null;
if (o != null) {
value = o.ToString();
}
if (!String.Equals(value, keyValues[i + 1], StringComparison.OrdinalIgnoreCase)) {
matches = false;
break;
}
}
if (matches) {
return element;
}
}
}
return null;
}
Using Javascript:
var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager'); adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
var ipSecuritySection = adminManager.GetAdminSection("system.webServer/security/ipSecurity", "MACHINE/WEBROOT/APPHOST");
var ipSecurityCollection = ipSecuritySection.Collection;
var addElementPos = FindElement(ipSecurityCollection, "add", ["ipAddress", "169.132.124.234","subnetMask", "255.255.255.255","domainName", ""]); if (addElementPos == -1) throw "Element not found!";
ipSecurityCollection.DeleteElement(addElementPos);
adminManager.CommitChanges();
function FindElement(collection, elementTagName, valuesToMatch) { for (var i = 0; i < collection.Count; i++) { var element = collection.Item(i);
if (element.Name == elementTagName) {
var matches = true;
for (var iVal = 0; iVal < valuesToMatch.length; iVal += 2) {
var property = element.GetPropertyByName(valuesToMatch[iVal]);
var value = property.Value;
if (value != null) {
value = value.toString();
}
if (value != valuesToMatch[iVal + 1]) {
matches = false;
break;
}
}
if (matches) {
return i;
}
}
}
return -1;
}
And Finally AppCmd.exe:
appcmd.exe set config -section:system.webServer/security/ipSecurity /-"[ipAddress='169.132.124.234',subnetMask='255.255.255.255',domainName='']" /commit:apphost
加载中,请稍侯......
精彩评论