AD Integration enabled on the IIS7 provider. This will allow to store site

content on a remote (highly available) filesystem and enabled the scenario
of webfarm with a shared IIS configuration as well.

The netbios domain name will need to be set in the configuration of the provider.
and off course "Create Active Directory accounts" checked as well
This commit is contained in:
robvde 2012-07-12 18:14:40 +04:00
parent 43b73aee66
commit c1e2aa8477
8 changed files with 159 additions and 37 deletions

View file

@ -325,6 +325,7 @@ namespace WebsitePanel.Providers.Web
public class WebManagementServiceSettings
{
public string Port { get; set; }
public string NETBIOS { get; set; }
public string ServiceUrl { get; set; }
public int RequiresWindowsCredentials { get; set; }
}
@ -3500,7 +3501,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
if (IdentityCredentialsMode == "IISMNGR")
{
@ -3521,7 +3522,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
//
ResultObject result = new ResultObject { IsSuccess = true };
@ -3556,7 +3557,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
//
string fqWebPath = String.Format("/{0}", siteName);
@ -3565,6 +3566,32 @@ namespace WebsitePanel.Providers.Web
Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};",
siteName, accountName, accountPassword, fqWebPath);
string contentPath = string.Empty;
using (ServerManager srvman = webObjectsSvc.GetServerManager())
{
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
}
string FTPRoot = string.Empty;
string FTPDir = string.Empty;
if (contentPath.IndexOf("\\\\") != -1)
{
string[] Tmp = contentPath.Split('\\');
FTPRoot = "\\\\" + Tmp[2] + "\\" + Tmp[3];
FTPDir = contentPath.Replace(FTPRoot, "");
}
//
string accountNameSid = string.Empty;
//
if (IdentityCredentialsMode == "IISMNGR")
{
@ -3583,40 +3610,33 @@ namespace WebsitePanel.Providers.Web
PasswordNeverExpires = true,
AccountDisabled = false,
Password = accountPassword,
System = true
System = true,
MsIIS_FTPDir = FTPDir,
MsIIS_FTPRoot = FTPRoot
},
ServerSettings,
String.Empty,
String.Empty);
UsersOU,
GroupsOU);
// Convert account name to the full-qualified one
accountName = GetFullQualifiedAccountName(accountName);
accountName = GetFullQualifiedAccountName(accountName);
accountNameSid = GetFullQualifiedAccountNameSid(accountName);
//
Log.WriteInfo("FQ Account Name: {0};", accountName);
}
using (ServerManager srvman = webObjectsSvc.GetServerManager())
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
if (IdentityCredentialsMode == "IISMNGR")
{
//
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
string contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
//
if (IdentityCredentialsMode == "IISMNGR")
{
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountName, permissions, true, true, ServerSettings, String.Empty, String.Empty);
}
// Restore setting back
ServerSettings.ADEnabled = adEnabled;
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountNameSid, NTFSPermission.Modify, true, true, ServerSettings, UsersOU, GroupsOU);
}
}
public override void ChangeWebManagementAccessPassword(string accountName, string accountPassword)
@ -3625,7 +3645,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
// Trace input parameters
Log.WriteInfo("Account Name: {0}; Account Password: {1};", accountName, accountPassword);
@ -3653,7 +3673,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
//
string fqWebPath = String.Format("/{0}", siteName);
// Trace input parameters
@ -3677,9 +3697,18 @@ namespace WebsitePanel.Providers.Web
}
else
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, String.Empty, String.Empty);
SecurityUtils.DeleteUser(accountName, ServerSettings, String.Empty);
if (adEnabled)
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, UsersOU, GroupsOU);
SecurityUtils.DeleteUser(accountName, ServerSettings, UsersOU);
}
else
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, String.Empty, String.Empty);
SecurityUtils.DeleteUser(accountName, ServerSettings, String.Empty);
}
}
// Restore setting back
ServerSettings.ADEnabled = adEnabled;
@ -3749,10 +3778,14 @@ namespace WebsitePanel.Providers.Web
// Retrieve account name
if (scopeCollection.Count > 0)
{
iisObject.SetValue<string>(
/*
iisObject.SetValue<string>(
WebSite.WmSvcAccountName,
GetNonQualifiedAccountName((String)scopeCollection[0]["name"]));
//
*/
iisObject.SetValue<string>(
WebSite.WmSvcAccountName, (String)scopeCollection[0]["name"]);
//
iisObject.SetValue<string>(
WebSite.WmSvcServiceUrl, ProviderSettings["WmSvc.ServiceUrl"]);
//
@ -3906,6 +3939,31 @@ namespace WebsitePanel.Providers.Web
return domainName != null ? domainName + "\\" + accountName : accountName;
}
protected string GetFullQualifiedAccountNameSid(string accountName)
{
//
if (!ServerSettings.ADEnabled)
return String.Format(@"{0}\{1}", Environment.MachineName, accountName);
if (accountName.IndexOf("\\") != -1)
return accountName; // already has domain information
// DO IT FOR ACTIVE DIRECTORY MODE ONLY
string domainName = null;
try
{
DirectoryContext objContext = new DirectoryContext(DirectoryContextType.Domain, ServerSettings.ADRootDomain);
Domain objDomain = Domain.GetDomain(objContext);
domainName = objDomain.Name;
}
catch (Exception ex)
{
Log.WriteError("Get domain name error", ex);
}
return domainName != null ? domainName + "\\" + accountName : accountName;
}
#endregion
#region SSL