Assign User to IIS AppPool via Powershell

I tried this code and it appears to work fine. However, I noticed if you assign the username and password to an account that does not exist the code continues without issue. In addition, if you assign an invalid account and call stop() and then start() the IIS pool indeed stops and starts!! Furthermore, when I go to InetMgr and start, stop or recycle the pool it also stops and starts without complaining!

I was hoping that adding an invalid account would throw an error effectively allowing me to test the validity of an account. Why does it behave this way?

# The IIS:\ drive used below is provided by the WebAdministration module
Import-Module WebAdministration

$loginfile = "d:\temp\Logins.csv"
$csv = Import-Csv -Path $loginfile
ForEach ($line in $csv) {

   $poolid = "MyDomain\" + $line.Login
   Write-Host "Assigning User to Pool:" $poolid

   # Write the identity into the pool configuration (identityType 3 = SpecificUser)
   $testpool = Get-Item IIS:\AppPools\test
   $testpool.processModel.userName = $poolid
   $testpool.processModel.password = $line.Pwd
   $testpool.processModel.identityType = 3
   $testpool | Set-Item
   $testpool.Stop()
   $testpool.Start()
   Write-Host "IIS Recycled"

   # Read the pool back to show what was stored
   $testpool = Get-Item IIS:\AppPools\test
   Write-Host "New Pool User: " $testpool.processModel.userName
   Write-Host "New Pool PWd: " $testpool.processModel.password
}
ChiliYago asked Mar 24 '11 23:03

1 Answer

You should always validate your credentials before setting the pool identity. This can be accomplished via the PrincipalContext .NET class -- specifically look at PrincipalContext.ValidateCredentials(user, password).

Sample:

#-- Make sure the proper Assembly is loaded
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

#-- Code to check user credentials -- put in function but here are the guts
#-- Recommend you use SecureStrings and convert where needed
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ct,"domainname"
#-- $isValid is $true only when the user name and password are accepted
$isValid = $pc.ValidateCredentials("myuser","mypassword")

For a local account, change $ct to the 'Machine' ContextType.

user727883 answered Sep 20 '22 14:09
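
The answer's check wired into the question's loop, as an added example that is not code from either poster: each CSV login is validated with PrincipalContext.ValidateCredentials, and the pool identity is changed only when validation succeeds. Test-DomainCredential is a hypothetical helper name; the pool test, the domain MyDomain and the CSV columns Login and Pwd are taken from the question.

```powershell
# Added example; Test-DomainCredential is a hypothetical helper name.
# Pool "test", domain "MyDomain" and CSV columns Login/Pwd come from the question.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Import-Module WebAdministration   # provides the IIS:\ drive

function Test-DomainCredential {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Login,
        [Parameter(Mandatory)][securestring]$Password
    )
    $type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    # Throws if no domain controller can be reached; that is not the same
    # as "bad credentials", so the caller handles it separately.
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $type, $Domain
    try {
        $cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Login, $Password
        # Returns $false for an unknown account or a wrong password.
        # A failed check is a failed logon attempt, so it counts toward account lockout.
        return $ctx.ValidateCredentials($Login, $cred.GetNetworkCredential().Password)
    }
    finally { $ctx.Dispose() }
}

$domain = 'MyDomain'
foreach ($line in Import-Csv -Path 'd:\temp\Logins.csv') {
    $poolId = '{0}\{1}' -f $domain, $line.Login
    try {
        $secure = ConvertTo-SecureString $line.Pwd -AsPlainText -Force
        $ok = Test-DomainCredential -Domain $domain -Login $line.Login -Password $secure
    }
    catch {
        Write-Error "Could not check $poolId ($($_.Exception.Message)); pool left unchanged."
        continue
    }
    if (-not $ok) {
        Write-Warning "Credentials for $poolId did not validate; pool left unchanged."
        continue
    }
    # Same assignment as in the question, reached only after validation.
    $pool = Get-Item IIS:\AppPools\test
    $pool.processModel.userName     = $poolId
    $pool.processModel.password     = $line.Pwd
    $pool.processModel.identityType = 3   # 3 = SpecificUser
    $pool | Set-Item
    Write-Host "Pool identity set to $poolId"
}
```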