AD Integration enabled on the IIS7 provider. This allows site content to be

stored on a remote (highly available) filesystem and also enables the web-farm
scenario with a shared IIS configuration.

The NetBIOS domain name will need to be set in the configuration of the provider,
and of course "Create Active Directory accounts" must be checked as well.
This commit is contained in:
robvde 2012-07-12 18:14:40 +04:00
parent 43b73aee66
commit c1e2aa8477
8 changed files with 159 additions and 37 deletions


@ -2715,6 +2715,12 @@ namespace WebsitePanel.EnterpriseServer
// //
WebServer server = GetWebServer(item.ServiceId); WebServer server = GetWebServer(item.ServiceId);
StringDictionary webSettings = ServerController.GetServiceSettings(item.ServiceId);
if (webSettings["WmSvc.NETBIOS"] != null)
{
accountName = webSettings["WmSvc.NETBIOS"].ToString() + "\\" + accountName;
}
// //
if (server.CheckWebManagementAccountExists(accountName)) if (server.CheckWebManagementAccountExists(accountName))
{ {
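Review bot: `if (webSettings["WmSvc.NETBIOS"] != null)` only rules out a missing key, but the portal hunk in this same commit persists the text box value as `txtWmSvcNETBIOS.Text.Trim()`, so an operator who leaves the field blank stores an empty string and the account name becomes `\accountName`. Use `if (!String.IsNullOrEmpty(webSettings["WmSvc.NETBIOS"]))`, which also lets the redundant `.ToString()` on a string value go. The enclosing method starts and ends outside this hunk.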


@ -40,6 +40,8 @@ namespace WebsitePanel.Providers.OS
private string fullName; private string fullName;
private string description = "WebsitePanel system account"; private string description = "WebsitePanel system account";
private string password; private string password;
private string msIIS_FTPDir = "";
private string msIIS_FTPRoot = "";
private bool passwordCantChange; private bool passwordCantChange;
private bool passwordNeverExpires; private bool passwordNeverExpires;
private bool accountDisabled; private bool accountDisabled;
@ -98,5 +100,18 @@ namespace WebsitePanel.Providers.OS
get { return memberOf; } get { return memberOf; }
set { memberOf = value; } set { memberOf = value; }
} }
public string MsIIS_FTPDir
{
get { return msIIS_FTPDir; }
set { msIIS_FTPDir = value; }
}
public string MsIIS_FTPRoot
{
get { return msIIS_FTPRoot; }
set { msIIS_FTPRoot = value; }
}
} }
} }
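Review bot: The new `MsIIS_FTPDir` and `MsIIS_FTPRoot` properties carry no documentation, and the only hint of their purpose on this page is that the SecurityUtils hunk copies them to the `msIIS-FTPDir`/`msIIS-FTPRoot` directory attributes when `MsIIS_FTPDir` is non-empty. A summary on each would save the next reader that trip, e.g. `/// <summary>UNC share root (\\server\share) written to the msIIS-FTPRoot attribute when the account is created; empty leaves the attribute unset.</summary>` and the analogous line for the directory. The explicit backing field plus trivial getter/setter matches the file's existing members, so the style is consistent, just undocumented.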


@ -325,6 +325,7 @@ namespace WebsitePanel.Providers.Web
public class WebManagementServiceSettings public class WebManagementServiceSettings
{ {
public string Port { get; set; } public string Port { get; set; }
public string NETBIOS { get; set; }
public string ServiceUrl { get; set; } public string ServiceUrl { get; set; }
public int RequiresWindowsCredentials { get; set; } public int RequiresWindowsCredentials { get; set; }
} }
@ -3500,7 +3501,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled; bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server // against the web server
ServerSettings.ADEnabled = false; //ServerSettings.ADEnabled = false;
if (IdentityCredentialsMode == "IISMNGR") if (IdentityCredentialsMode == "IISMNGR")
{ {
@ -3521,7 +3522,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled; bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server // against the web server
ServerSettings.ADEnabled = false; //ServerSettings.ADEnabled = false;
// //
ResultObject result = new ResultObject { IsSuccess = true }; ResultObject result = new ResultObject { IsSuccess = true };
@ -3556,7 +3557,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled; bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server // against the web server
ServerSettings.ADEnabled = false; //ServerSettings.ADEnabled = false;
// //
string fqWebPath = String.Format("/{0}", siteName); string fqWebPath = String.Format("/{0}", siteName);
@ -3565,6 +3566,32 @@ namespace WebsitePanel.Providers.Web
Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};", Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; FqWebPath: {3};",
siteName, accountName, accountPassword, fqWebPath); siteName, accountName, accountPassword, fqWebPath);
string contentPath = string.Empty;
using (ServerManager srvman = webObjectsSvc.GetServerManager())
{
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
}
string FTPRoot = string.Empty;
string FTPDir = string.Empty;
if (contentPath.IndexOf("\\\\") != -1)
{
string[] Tmp = contentPath.Split('\\');
FTPRoot = "\\\\" + Tmp[2] + "\\" + Tmp[3];
FTPDir = contentPath.Replace(FTPRoot, "");
}
//
string accountNameSid = string.Empty;
// //
if (IdentityCredentialsMode == "IISMNGR") if (IdentityCredentialsMode == "IISMNGR")
{ {
@ -3583,40 +3610,33 @@ namespace WebsitePanel.Providers.Web
PasswordNeverExpires = true, PasswordNeverExpires = true,
AccountDisabled = false, AccountDisabled = false,
Password = accountPassword, Password = accountPassword,
System = true System = true,
MsIIS_FTPDir = FTPDir,
MsIIS_FTPRoot = FTPRoot
}, },
ServerSettings, ServerSettings,
String.Empty, UsersOU,
String.Empty); GroupsOU);
// Convert account name to the full-qualified one // Convert account name to the full-qualified one
accountName = GetFullQualifiedAccountName(accountName); accountName = GetFullQualifiedAccountName(accountName);
accountNameSid = GetFullQualifiedAccountNameSid(accountName);
// //
Log.WriteInfo("FQ Account Name: {0};", accountName); Log.WriteInfo("FQ Account Name: {0};", accountName);
} }
using (ServerManager srvman = webObjectsSvc.GetServerManager())
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
if (IdentityCredentialsMode == "IISMNGR")
{ {
// SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
ManagementAuthorization.Grant(accountName, fqWebPath, false);
//
WebSite site = webObjectsSvc.GetWebSiteFromIIS(srvman, siteName);
//
string contentPath = webObjectsSvc.GetPhysicalPath(srvman, site);
//
Log.WriteInfo("Site Content Path: {0};", contentPath);
//
if (IdentityCredentialsMode == "IISMNGR")
{
SecurityUtils.GrantNtfsPermissionsBySid(contentPath, SystemSID.LOCAL_SERVICE, permissions, true, true);
}
else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountName, permissions, true, true, ServerSettings, String.Empty, String.Empty);
}
// Restore setting back
ServerSettings.ADEnabled = adEnabled;
} }
} else
{
SecurityUtils.GrantNtfsPermissions(contentPath, accountNameSid, NTFSPermission.Modify, true, true, ServerSettings, UsersOU, GroupsOU);
}
}
public override void ChangeWebManagementAccessPassword(string accountName, string accountPassword) public override void ChangeWebManagementAccessPassword(string accountName, string accountPassword)
@ -3625,7 +3645,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled; bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server // against the web server
ServerSettings.ADEnabled = false; //ServerSettings.ADEnabled = false;
// Trace input parameters // Trace input parameters
Log.WriteInfo("Account Name: {0}; Account Password: {1};", accountName, accountPassword); Log.WriteInfo("Account Name: {0}; Account Password: {1};", accountName, accountPassword);
@ -3653,7 +3673,7 @@ namespace WebsitePanel.Providers.Web
bool adEnabled = ServerSettings.ADEnabled; bool adEnabled = ServerSettings.ADEnabled;
// !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user // !!! Bypass AD for WMSVC as it requires full-qualified username to authenticate user
// against the web server // against the web server
ServerSettings.ADEnabled = false; //ServerSettings.ADEnabled = false;
// //
string fqWebPath = String.Format("/{0}", siteName); string fqWebPath = String.Format("/{0}", siteName);
// Trace input parameters // Trace input parameters
@ -3677,9 +3697,18 @@ namespace WebsitePanel.Providers.Web
} }
else else
{ {
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath); if (adEnabled)
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, String.Empty, String.Empty); {
SecurityUtils.DeleteUser(accountName, ServerSettings, String.Empty); ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, UsersOU, GroupsOU);
SecurityUtils.DeleteUser(accountName, ServerSettings, UsersOU);
}
else
{
ManagementAuthorization.Revoke(GetFullQualifiedAccountName(accountName), fqWebPath);
SecurityUtils.RemoveNtfsPermissions(contentPath, accountName, ServerSettings, String.Empty, String.Empty);
SecurityUtils.DeleteUser(accountName, ServerSettings, String.Empty);
}
} }
// Restore setting back // Restore setting back
ServerSettings.ADEnabled = adEnabled; ServerSettings.ADEnabled = adEnabled;
@ -3749,10 +3778,14 @@ namespace WebsitePanel.Providers.Web
// Retrieve account name // Retrieve account name
if (scopeCollection.Count > 0) if (scopeCollection.Count > 0)
{ {
iisObject.SetValue<string>( /*
iisObject.SetValue<string>(
WebSite.WmSvcAccountName, WebSite.WmSvcAccountName,
GetNonQualifiedAccountName((String)scopeCollection[0]["name"])); GetNonQualifiedAccountName((String)scopeCollection[0]["name"]));
// */
iisObject.SetValue<string>(
WebSite.WmSvcAccountName, (String)scopeCollection[0]["name"]);
//
iisObject.SetValue<string>( iisObject.SetValue<string>(
WebSite.WmSvcServiceUrl, ProviderSettings["WmSvc.ServiceUrl"]); WebSite.WmSvcServiceUrl, ProviderSettings["WmSvc.ServiceUrl"]);
// //
@ -3906,6 +3939,31 @@ namespace WebsitePanel.Providers.Web
return domainName != null ? domainName + "\\" + accountName : accountName; return domainName != null ? domainName + "\\" + accountName : accountName;
} }
protected string GetFullQualifiedAccountNameSid(string accountName)
{
//
if (!ServerSettings.ADEnabled)
return String.Format(@"{0}\{1}", Environment.MachineName, accountName);
if (accountName.IndexOf("\\") != -1)
return accountName; // already has domain information
// DO IT FOR ACTIVE DIRECTORY MODE ONLY
string domainName = null;
try
{
DirectoryContext objContext = new DirectoryContext(DirectoryContextType.Domain, ServerSettings.ADRootDomain);
Domain objDomain = Domain.GetDomain(objContext);
domainName = objDomain.Name;
}
catch (Exception ex)
{
Log.WriteError("Get domain name error", ex);
}
return domainName != null ? domainName + "\\" + accountName : accountName;
}
#endregion #endregion
#region SSL #region SSL
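Review bot: The UNC parsing in the GrantWebManagementAccess hunk (`string[] Tmp = contentPath.Split('\\');` then `Tmp[2] + "\\" + Tmp[3]`) indexes without checking the array length, so a content path with fewer than four backslash-separated segments throws IndexOutOfRangeException, and `contentPath.IndexOf("\\\\") != -1` also fires on a local path that merely contains a doubled backslash somewhere inside it; a prefix check with a length guard is below, using `Substring` instead of `Replace` so only the leading root is stripped. `GetFullQualifiedAccountNameSid` returns a qualified name rather than a SID, and because it is called right after `accountName = GetFullQualifiedAccountName(accountName)` the early `return accountName; // already has domain information` always fires, so `accountNameSid` equals `accountName` and the new method appears to duplicate the existing one and could be removed. `SecurityUtils.GrantNtfsPermissions(contentPath, accountNameSid, NTFSPermission.Modify, ...)` hard-codes Modify where the removed code passed the method's `permissions` argument (presumably still a parameter, its declaration being outside the hunk), so a caller asking for a narrower ACL now gets Modify regardless; pass `permissions` through to keep least privilege. With every `ServerSettings.ADEnabled = false;` now commented out, the `// !!! Bypass AD for WMSVC …` comments above them describe behaviour that no longer happens and the saved `adEnabled` in this method appears never to be read, so either delete the dead lines and comments or replace them with one sentence on why the bypass was dropped; while here, the context line `Log.WriteInfo("Site Name: {0}; Account Name: {1}; Account Password: {2}; …")` that these hunks extend writes the new domain account's password to the log and should be redacted. The enclosing methods start outside their hunks.

```csharp
// … unchanged: contentPath lookup via webObjectsSvc …
string FTPRoot = string.Empty;
string FTPDir = string.Empty;
if (contentPath.StartsWith("\\\\", StringComparison.Ordinal))
{
    string[] parts = contentPath.Split(new[] { '\\' }, StringSplitOptions.RemoveEmptyEntries);
    // need at least \\server\share to form a root
    if (parts.Length >= 2)
    {
        FTPRoot = "\\\\" + parts[0] + "\\" + parts[1];
        FTPDir = contentPath.Substring(FTPRoot.Length);
    }
}
// … unchanged: accountNameSid, IISMNGR branch …
```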


@ -507,6 +507,11 @@ namespace WebsitePanel.Providers.Utils
{ {
if (serverSettings.ADEnabled) if (serverSettings.ADEnabled)
{ {
if (user.Name.IndexOf("\\") != -1)
{
string[] tmpStr = user.Name.Split('\\');
user.Name = tmpStr[1];
}
//check is user name less than 20 symbols //check is user name less than 20 symbols
if (user.Name.Length > 20) if (user.Name.Length > 20)
@ -538,6 +543,13 @@ namespace WebsitePanel.Providers.Utils
SetObjectProperty(objUser, "UserPrincipalName", user.Name); SetObjectProperty(objUser, "UserPrincipalName", user.Name);
SetObjectProperty(objUser, "sAMAccountName", user.Name); SetObjectProperty(objUser, "sAMAccountName", user.Name);
SetObjectProperty(objUser, "UserPassword", user.Password); SetObjectProperty(objUser, "UserPassword", user.Password);
if (user.MsIIS_FTPDir != string.Empty)
{
SetObjectProperty(objUser, "msIIS-FTPDir", user.MsIIS_FTPDir);
SetObjectProperty(objUser, "msIIS-FTPRoot", user.MsIIS_FTPRoot);
}
objUser.Properties["userAccountControl"].Value = objUser.Properties["userAccountControl"].Value =
ADAccountOptions.UF_NORMAL_ACCOUNT | ADAccountOptions.UF_PASSWD_NOTREQD; ADAccountOptions.UF_NORMAL_ACCOUNT | ADAccountOptions.UF_PASSWD_NOTREQD;
objUser.CommitChanges(); objUser.CommitChanges();
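Review bot: `if (user.MsIIS_FTPDir != string.Empty)` treats null as a value to write, so a `SystemUser` whose setter was handed null reaches `SetObjectProperty(objUser, "msIIS-FTPDir", null)`; `if (!string.IsNullOrEmpty(user.MsIIS_FTPDir))` covers both cases. `msIIS-FTPRoot` is only written inside that same branch, so a root without a directory is silently dropped; if that pairing is intended, a comment such as `// both msIIS-FTP* attributes are set together; FTPDir is the sentinel` would make it explicit. In the earlier hunk, `user.Name = tmpStr[1]` mutates the caller's object and assumes exactly one backslash in the name, which is worth a comment or a check on `tmpStr.Length`. Both hunks sit inside a method whose start and end lie outside this view.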


@ -112,10 +112,10 @@
<value>2.0</value> <value>2.0</value>
</resheader> </resheader>
<resheader name="reader"> <resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader> </resheader>
<resheader name="writer"> <resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader> </resheader>
<data name="lblADIntegration.Text" xml:space="preserve"> <data name="lblADIntegration.Text" xml:space="preserve">
<value>Active Directory Integration:</value> <value>Active Directory Integration:</value>
@ -246,4 +246,7 @@
<data name="ipAddress.SelectValueText" xml:space="preserve"> <data name="ipAddress.SelectValueText" xml:space="preserve">
<value>&lt;All unassigned&gt;</value> <value>&lt;All unassigned&gt;</value>
</data> </data>
<data name="lblWmSvcNETBIOS.Text" xml:space="preserve">
<value>NETBIOS Domain name:</value>
</data>
</root> </root>


@ -312,6 +312,14 @@
</asp:DropDownList> </asp:DropDownList>
</td> </td>
</tr> </tr>
<tr>
<td>
<asp:Label ID="Label1" runat="server" meta:resourcekey="lblWmSvcNETBIOS" Text="NETBIOS Domain:"></asp:Label>
</td>
<td class="Normal">
<asp:TextBox runat="server" ID="txtWmSvcNETBIOS" CssClass="NormalTextBox" Width="70px" />
</td>
</tr>
</table> </table>
</fieldset> </fieldset>
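Review bot: `ID="Label1"` is the designer's default name and breaks the `lbl…`/`txt…` convention the rest of the form follows (`txtWmSvcNETBIOS` right beside it); renaming it `lblWmSvcNETBIOS`, matching its `meta:resourcekey`, also fixes the `Label1` field in this commit's designer-file hunk. A NetBIOS domain name is at most 15 characters, so `MaxLength="15"` on `txtWmSvcNETBIOS` would stop oversized values at the UI before they are concatenated into account names elsewhere in this commit.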


@ -165,6 +165,7 @@ namespace WebsitePanel.Portal.ProviderControls
// //
txtWmSvcServicePort.Text = settings["WmSvc.Port"]; txtWmSvcServicePort.Text = settings["WmSvc.Port"];
txtWmSvcNETBIOS.Text = settings["WmSvc.NETBIOS"];
// //
string wmsvcServiceUrl = settings["WmSvc.ServiceUrl"]; string wmsvcServiceUrl = settings["WmSvc.ServiceUrl"];
// //
@ -235,6 +236,7 @@ namespace WebsitePanel.Portal.ProviderControls
settings["ProtectedGroupsFile"] = txtProtectedGroupsFile.Text.Trim(); settings["ProtectedGroupsFile"] = txtProtectedGroupsFile.Text.Trim();
settings["SecureFoldersModuleAssembly"] = txtSecureFoldersModuleAsm.Text.Trim(); settings["SecureFoldersModuleAssembly"] = txtSecureFoldersModuleAsm.Text.Trim();
settings["WmSvc.NETBIOS"] = txtWmSvcNETBIOS.Text.Trim();
settings["WmSvc.ServiceUrl"] = txtWmSvcServiceUrl.Text.Trim(); settings["WmSvc.ServiceUrl"] = txtWmSvcServiceUrl.Text.Trim();
settings["WmSvc.Port"] = Utils.ParseInt(txtWmSvcServicePort.Text.Trim(), 0).ToString(); settings["WmSvc.Port"] = Utils.ParseInt(txtWmSvcServicePort.Text.Trim(), 0).ToString();
settings["WmSvc.CredentialsMode"] = ddlWmSvcCredentialsMode.SelectedValue; settings["WmSvc.CredentialsMode"] = ddlWmSvcCredentialsMode.SelectedValue;
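Review bot: `settings["WmSvc.NETBIOS"] = txtWmSvcNETBIOS.Text.Trim();` persists whatever is typed, and the enterprise-server hunk in this commit builds `NETBIOS + "\\" + accountName` from it, so a trailing backslash or a `DOMAIN\` entry yields a doubled separator in the account name; `txtWmSvcNETBIOS.Text.Trim().TrimEnd('\\')` is a cheap guard. A comment above the save line, e.g. `// NetBIOS domain used to qualify WMSVC account names when AD integration is on`, would tell the next reader why the setting exists. The enclosing methods start and end outside these hunks.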


@ -480,6 +480,24 @@ namespace WebsitePanel.Portal.ProviderControls {
/// </remarks> /// </remarks>
protected global::System.Web.UI.WebControls.DropDownList ddlWmSvcCredentialsMode; protected global::System.Web.UI.WebControls.DropDownList ddlWmSvcCredentialsMode;
/// <summary>
/// Label1 control.
/// </summary>
/// <remarks>
/// Auto-generated field.
/// To modify move field declaration from designer file to code-behind file.
/// </remarks>
protected global::System.Web.UI.WebControls.Label Label1;
/// <summary>
/// txtWmSvcNETBIOS control.
/// </summary>
/// <remarks>
/// Auto-generated field.
/// To modify move field declaration from designer file to code-behind file.
/// </remarks>
protected global::System.Web.UI.WebControls.TextBox txtWmSvcNETBIOS;
/// <summary> /// <summary>
/// secColdFusion control. /// secColdFusion control.
/// </summary> /// </summary>