zydronium/websitepanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

AD Integration enabled on the IIS7 provider. This will allow to store site

Browse source 
content on a remote (highly available) filesystem and enabled the scenario
of webfarm with a shared IIS configuration as well.

The netbios domain name will need to be set in the configuration of the provider.
and off course "Create Active Directory accounts" checked as well
This commit is contained in:
robvde 2012-07-12 18:14:40 +04:00
parent 43b73aee66
commit c1e2aa8477
8 changed files with 159 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

128
WebsitePanel/Sources/WebsitePanel.Providers.Web.IIS70/IIs70.cs
View file

@ -325,6 +325,7 @@ namespace WebsitePanel.Providers.Web
public class WebManagementServiceSettings
{
public string Port { get; set; }
public string NETBIOS { get; set; }
public string ServiceUrl { get; set; }
public int RequiresWindowsCredentials { get; set; }
}
@ -3500,7 +3501,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
if (IdentityCredentialsMode == "IISMNGR")
{
@ -3521,7 +3522,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
//
ResultObject result = new ResultObject { IsSuccess = true };
@ -3556,7 +3557,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
//
string fqWebPath = String.Format("/{0}", siteName);
@ -3565,6 +3566,32 @@ namespace WebsitePanel.Providers.Web
Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};",
siteName, accountName, accountPassword, fqWebPath);
string contentPath = string.Empty;
using (ServerManager srvman = webObjectsSvc.GetServerManager())
{
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
}
string FTPRoot = string.Empty;
string FTPDir = string.Empty;
if (contentPath.IndexOf("\\\\") != -1)
{
string[] Tmp = contentPath.Split('\\');
FTPRoot = "\\\\" + Tmp[2] + "\\" + Tmp[3];
FTPDir = contentPath.Replace(FTPRoot, "");
}
//
string accountNameSid = string.Empty;
//
if (IdentityCredentialsMode == "IISMNGR")
{
@ -3583,40 +3610,33 @@ namespace WebsitePanel.Providers.Web
PasswordNeverExpires = true,
AccountDisabled = false,
Password = accountPassword,
System = true
System = true,
MsIIS_FTPDir = FTPDir,
MsIIS_FTPRoot = FTPRoot
},
ServerSettings,
String.Empty,
String.Empty);
UsersOU,
GroupsOU);
// Convert account name to the full-qualified one
accountName = GetFullQualifiedAccountName(accountName);
accountName = GetFullQualifiedAccountName(accountName);
accountNameSid = GetFullQualifiedAccountNameSid(accountName);
//
Log.WriteInfo("FQ Account Name: {0};", accountName);
}
using (ServerManager srvman = webObjectsSvc.GetServerManager())
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
if (IdentityCredentialsMode == "IISMNGR")
{
//
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
string contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
//
if (IdentityCredentialsMode == "IISMNGR")
{
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountName, permissions, true, true, ServerSettings, String.Empty, String.Empty);
}
// Restore setting back
ServerSettings.ADEnabled = adEnabled;
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountNameSid, NTFSPermission.Modify, true, true, ServerSettings, UsersOU, GroupsOU);
}
}
public override void ChangeWebManagementAccessPassword(string accountName, string accountPassword)
@ -3625,7 +3645,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
// Trace input parameters
Log.WriteInfo("Account Name: {0}; Account Password: {1};", accountName, accountPassword);
@ -3653,7 +3673,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server
ServerSettings.ADEnabled = false;
//ServerSettings.ADEnabled = false;
//
string fqWebPath = String.Format("/{0}", siteName);
// Trace input parameters
@ -3677,9 +3697,18 @@ namespace WebsitePanel.Providers.Web
}
else
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, String.Empty, String.Empty);
SecurityUtils.DeleteUser(accountName, ServerSettings, String.Empty);
if (adEnabled)
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, UsersOU, GroupsOU);
SecurityUtils.DeleteUser(accountName, ServerSettings, UsersOU);
}
else
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, String.Empty, String.Empty);
SecurityUtils.DeleteUser(accountName, ServerSettings, String.Empty);
}
}
// Restore setting back
ServerSettings.ADEnabled = adEnabled;
@ -3749,10 +3778,14 @@ namespace WebsitePanel.Providers.Web
// Retrieve account name
if (scopeCollection.Count > 0)
{
iisObject.SetValue<string>(
/*
iisObject.SetValue<string>(
WebSite.WmSvcAccountName,
GetNonQualifiedAccountName((String)scopeCollection[0]["name"]));
//
*/
iisObject.SetValue<string>(
WebSite.WmSvcAccountName, (String)scopeCollection[0]["name"]);
//
iisObject.SetValue<string>(
WebSite.WmSvcServiceUrl, ProviderSettings["WmSvc.ServiceUrl"]);
//
@ -3906,6 +3939,31 @@ namespace WebsitePanel.Providers.Web
return domainName != null ? domainName + "\\" + accountName : accountName;
}
protected string GetFullQualifiedAccountNameSid(string accountName)
{
//
if (!ServerSettings.ADEnabled)
return String.Format(@"{0}\{1}", Environment.MachineName, accountName);
if (accountName.IndexOf("\\") != -1)
return accountName; // already has domain information
// DO IT FOR ACTIVE DIRECTORY MODE ONLY
string domainName = null;
try
{
DirectoryContext objContext = new DirectoryContext(DirectoryContextType.Domain, ServerSettings.ADRootDomain);
Domain objDomain = Domain.GetDomain(objContext);
domainName = objDomain.Name;
}
catch (Exception ex)
{
Log.WriteError("Get domain name error", ex);
}
return domainName != null ? domainName + "\\" + accountName : accountName;
}
#endregion
#region SSL