IIS 7 remote administration via C#
I have been looking into the Microsoft.Web.Administration.dll and the ServerManager class, trying to control our Windows Server 2008 IIS 7 instance.
I have enabled remote administration and can connect via the IIS remote administration tool. However, when I try and use the following, I cannot connect:
ServerManager.OpenRemote(serverName);
This class does not allow me to specify a username and password on the remote IIS 7 server, as the IIS remote administrator tool does.
This is all being called via our build process using NAnt.
How do others control their remote IIS 7 server as part of their CI setup?
Comments (3)
You will need to run the application under a domain user (Active Directory user) that has the right permissions to change the configuration files.
Windows authentication will do the rest.
As Oded says, you need Active Directory to be able to open a connection to a remote server using ServerManager. Assuming you have administrator RDP access to the server, there is an alternative, which is to use WinRM and Remote PowerShell (works best with PowerShell 2.0, which comes with the latest version of WinRM) in your build scripts:
To quickly configure WinRM for two machines that are not in a domain:
Client:
Server:
Now there are some caveats. WinRM will punch a hole in Windows Firewall for ports 5985 and 5986 for the listener (if running Windows Server 2003 it'll use port 80 and 443). This may not be to your liking and you'd probably best speak to your network admins about how to secure that.
Once you have WinRM configured you'll need a user account configured on the remote server that is a member of the administrators group. Once done you can then test. On the build server:
If all is good you should see the following response:
The next thing is to connect to a remote PowerShell session:
If this is successful you should have a PowerShell prompt on the remote machine.
Using Remote PowerShell you can then load the WebAdministration Provider for PowerShell and manipulate many aspects of IIS to your heart's content:
To connect to the remote server you need to provide a PSCredential object. As mentioned above you would provide this using:
However, this always demands some interaction from the keyboard to provide a username and password. Obviously this is no good for automated CI.
You can however store the password in a file. To do this run the following just once (or whenever the password changes):
Then when you need to create your PSCredential to authenticate to the remote server:
The above script was sourced from the following blog entry but I've duplicated to preserve here just in case that article goes dark:
Anyway, so once you're connected to the remote server you can issue further commands such as:
And so on.
Most of the above should be approached with caution if this machine is internet facing and the only way to access is via the internet. If this is the case consider restricting the WinRM ports to VPN only.
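An added example, not part of the original answer or the blog entry it cites, of the non-interactive credential flow described above: the password is saved once as a DPAPI-protected string, then read back to build the PSCredential for a remote IIS command. The host, account, file path and function names are hypothetical, and it assumes a WinRM HTTPS listener on port 5986 with a certificate the build server trusts.

```powershell
# Added example. Host, account, path and function names are placeholders.
$Server   = 'iis01.example.internal'      # hypothetical remote IIS host
$User     = 'iis01\deploy'                # hypothetical admin account on that host
$CredFile = 'C:\BuildSecrets\iis01.cred'  # hypothetical path on the build server

function Save-DeployPassword {
    # Run once, interactively, logged on as the account the build runs under.
    # Without -Key, ConvertFrom-SecureString protects the text with DPAPI, so
    # only this user on this machine can decrypt the file again.
    Read-Host "Password for $User" -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -Path $CredFile
    # Drop inherited ACEs and leave access to the build account only.
    $me = "$($env:USERDOMAIN)\$($env:USERNAME)"
    icacls $CredFile /inheritance:r /grant:r "${me}:(M)" | Out-Null
}

function Get-DeployCredential {
    if (-not (Test-Path $CredFile)) {
        throw "Credential file $CredFile not found; run Save-DeployPassword first."
    }
    # Throws a cryptographic error when run as another user or on another
    # machine, which is the intended failure mode for a copied file.
    $secure = Get-Content -Path $CredFile | ConvertTo-SecureString
    New-Object System.Management.Automation.PSCredential($User, $secure)
}

function Restart-RemoteAppPool {
    param([string]$PoolName)
    $cred = Get-DeployCredential
    # -UseSSL selects the HTTPS listener (5986) so the session is protected
    # by TLS rather than relying on the plain HTTP listener (5985).
    Invoke-Command -ComputerName $Server -Credential $cred -UseSSL `
        -ArgumentList $PoolName -ScriptBlock {
            param($name)
            Import-Module WebAdministration
            Restart-WebAppPool -Name $name
            # Return the pool state so the build log shows the outcome.
            Get-Item "IIS:\AppPools\$name" | Select-Object Name, State
        }
}

# Called from the build script once the credential file exists:
# Restart-RemoteAppPool -PoolName 'DefaultAppPool'
```

Because the file is bound to one user profile on one machine, it has to be regenerated if the build service account or build server changes, and a copy of the file taken elsewhere does not decrypt.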
I wrote a WCF service in the end, which runs on the remote machine as a service. The service runs under a local account with administrator rights so that the local IIS instance on that machine can be changed.
From my NAnt script I have a series of custom tasks that communicate to the WCF service and change IIS settings as required.
As this is an internal dev environment I am not too concerned about security and the actual changes to IIS I am allowed are very basic.