Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I programmatically manage (add/edit/delete) IIS 7 Sites from Coldfusion?

Using Coldfusion 8/9, how would I go about managing IIS7. For example:

I am building a website generator, when someone fills out a form, a website will be generated. A step in this process will be to create an IIS site with specific host headers/ip bindings. Another step may be to allow the user to upload a SSL certificate. That may not be possible, I am not sure. But I do know that there should be a way to interact with IIS7.

like image 580
Tyler Clendenin Avatar asked Oct 04 '10 21:10

Tyler Clendenin


2 Answers

Fortunately ColdFusion 8 and 9 can instantiate .NET components, this means you can access the .NET managed-code IIS administration API's:

Using Microsoft .NET Assemblies

IIS7 ships with two .NET managed-code management API's:

Microsoft.Web.Administration

Microsoft.Web.Management

These reside in: c:\windows\system32\inetsrv.

Using this functionality you should be able to consume these API's via ColdFusion to create websites and manage IIS functionality.

If there are problems calling these API's directly (i.e. some item of data doesn't marshal back to ColdFusion properly) you could always wrap calls to these API's with your own .NET code.

For more information about creating and managing websites using the API's above refer to the following links:

IIS 7 Configuration Reference

Powerful Administration Tools

How to Use Microsoft.Web.Administration

Managed-Code API Reference (IIS 7)

It should also be noted that the Windows account the site runs under should be a member of the Administrators group to manage IIS via these API's.

If this was a public facing site then I'd split the application in two. Your public facing ColdFusion (running under a low privileged account) site collects information about the site to be created. Post this data as a task into a queue (can be as simple as a database) of some sort to be read by either a scheduled task or a Windows service (running as a highly privileged user) which picks these tasks off of the queue periodically (say once every 15 or 30 seconds).

This is known as 'sandboxing' and means that if your ColdFusion site is hijacked then it's not running under elevated rights and can't do much damage. All the highly privileged tasks are sandboxed in a process that isn't surfaced via the web.

like image 139
Kev Avatar answered Nov 13 '22 09:11

Kev


For CF7, I guess you can invoke powershell script with cfexecute?

http://learn.iis.net/page.aspx/433/powershell-snap-in-creating-web-sites-web-applications-virtual-directories-and-application-pools/

like image 35
Henry Avatar answered Nov 13 '22 10:11

Henry