通过 C# 进行 IIS 7 远程管理

发布于 2024-10-27 05:13:40 字数 535 浏览 3 评论 0原文

我一直在研究 Microsoft.Web.Administration.dll 和 ServerManager 类,试图控制我们的 Windows Server 2008 IIS 7 实例。

我已启用远程管理,并且可以通过 IIS 远程管理工具进行连接。但是,当我尝试使用以下命令时,我无法连接:

ServerManager.OpenRemote(serverName);

此类不允许我像 IIS 远程管理工具那样在远程 IIS 7 服务器上指定用户名和密码。

这一切都是通过我们的构建过程使用 NAnt 调用的。

其他人如何控制远程 IIS 7 服务器作为其 CI 设置的一部分?

I have been looking into the Microsoft.Web.Administration.dll and the ServerManager class, trying to control our Windows Server 2008 IIS 7 instance.

I have enabled remote administration and can connect via the IIS remote administration tool. However, when I try and use the following, I cannot connect:

ServerManager.OpenRemote(serverName);

This class does not allow me to specify a username and password on the remote IIS 7 server, as the IIS remote administrator tool does.

This is all being called via our build process using NAnt.

How do others control their remote IIS 7 server as part of their CI setup?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

遥远的她 2024-11-03 05:13:40

您需要在具有更改配置文件的正确权限的域用户(Active Directory 用户)下运行该应用程序。

Windows 身份验证将完成剩下的工作。

You will need to run the application under a domain user (Active Directory user) that has the right permissions to change the configuration files.

Windows authentication will do the rest.

得不到的就毁灭 2024-11-03 05:13:40

正如 Oded 所说,您需要 Active Directory能够使用ServerManager打开到远程服务器的连接。

假设您有管理员 RDP 访问服务器,则有一种替代方法是使用 WinRM 和远程 PowerShell(与最新版本 WinRM 附带的 PowerShell 2.0 配合使用效果最佳):

Windows 远程管理命令行工具 (Winrm .cmd)

为不在域中的两台计算机快速配置 WinRM:

客户端:

winrm quickconfig  (just say yes)
winrm set winrm/config/Client/Auth '@{Basic="true"}'
:: Only do this next line if not using HTTPS
winrm set winrm/config/Client '@{AllowUnencrypted="true"}'
winrm set winrm/config/Client '@{TrustedHosts="hostname_or_ip"}'

服务器:

winrm quickconfig (just say yes)
winrm set winrm/config/Service/Auth '@{Basic="true"}'

:: See: http://support.microsoft.com/kb/2019527 regarding https
winrm quickconfig -transport:https

:: Only do this if not using HTTPS AND you are happy about sending credentials
:: in clear text.
winrm set winrm/config/Service '@{AllowUnencrypted="true"}'

现在有一些注意事项。 WinRM 将在 Windows 防火墙中为侦听器的端口 5985 和 5986 打一个洞(如果运行 Windows Server 2003 它将使用端口 80 和 443)。这可能不符合您的喜好,您最好与网络管理员讨论如何确保其安全。

配置 WinRM 后,您将需要在作为管理员组成员的远程服务器上配置用户帐户。完成后就可以测试了。在构建服务器上:

# the following line will prompt for a username and password, enter the name of the account
# you just configured on the IIS box
$cred = Get-Credential

# next test the connection
Test-WSMan -ComputerName <server_name_or_ip> -Authentication default `
           -Credential $cred

如果一切顺利,您应该看到以下响应:

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.x
                  sd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 6.1.7600 SP: 0.0 Stack: 2.0

接下来是连接到远程 PowerShell 会话:

Enter-PSSession <server_name_or_ip_address> -Authentication default -Credential $cred

如果成功,您应该在远程计算机上看到 PowerShell 提示符。

使用远程 PowerShell,您可以加载 PowerShell 的 Web 管理提供程序并按照您的意愿操作 IIS 的许多方面:

Windows PowerShell 的 Web 管理 (IIS) 提供程序

要连接到远程服务器,您需要提供一个 PSCredential 对象。如上所述,您可以使用以下方式提供此信息:

$cred = Get-Credential

但是,这总是需要键盘进行一些交互来提供用户名和密码。显然这对于​​自动化 CI 没有好处。

但是,您可以将密码存储在文件中。为此,只需运行以下命令一次(或每当密码更改时):

read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt

然后,当您需要创建 PSCredential 来向远程服务器进行身份验证时:

$username = "deployment_user"
$password = cat C:\securestring.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential `
         -argumentlist $username, $password

$serverNameOrIp = "192.168.1.1"
Enter-PSSession $serverNameOrIp -Authentication default -Credential $cred

上述脚本源自以下博客条目,但我已复制并保存在此处,以防文章变黑:

在没有提示的情况下使用 PSCredentials - GeeksWithBlogs (archive.org)

无论如何,一旦您连接到远程服务器,您就可以发出进一步的命令,例如:

Import-Module WebAdministration
CD IIS:\Sites

等等。

如果这台机器面向互联网并且唯一的访问方式是通过互联网,则应谨慎对待上述大多数内容。如果是这种情况,请考虑将 WinRM 端口仅限于 VPN。

As Oded says, you need Active Directory to be able to open a connection to a remote server using ServerManager.

Assuming you have administrator RDP access server there is an alternative which is to use WinRM and Remote PowerShell (works best with PowerShell 2.0 which comes with the latest version of WinRM) in your build scripts:

Windows Remote Management Command-Line Tool (Winrm.cmd)

To quickly configure WinRM for two machines that are not in a domain:

Client:

winrm quickconfig  (just say yes)
winrm set winrm/config/Client/Auth '@{Basic="true"}'
:: Only do this next line if not using HTTPS
winrm set winrm/config/Client '@{AllowUnencrypted="true"}'
winrm set winrm/config/Client '@{TrustedHosts="hostname_or_ip"}'

Server:

winrm quickconfig (just say yes)
winrm set winrm/config/Service/Auth '@{Basic="true"}'

:: See: http://support.microsoft.com/kb/2019527 regarding https
winrm quickconfig -transport:https

:: Only do this if not using HTTPS AND you are happy about sending credentials
:: in clear text.
winrm set winrm/config/Service '@{AllowUnencrypted="true"}'

Now there are some caveats. WinRM will punch a hole in Windows Firewall for ports 5985 and 5986 for the listener (if running Windows Server 2003 it'll use port 80 and 443). This may not be to your liking and you'd probably best speak to your network admins about how to secure that.

Once you have WinRM configured you'll need user account configured on the remote server that is a member of the administrators group. Once done you can then test. On the build server:

# the following line will prompt for a username and password, enter the name of the account
# you just configured on the IIS box
$cred = Get-Credential

# next test the connection
Test-WSMan -ComputerName <server_name_or_ip> -Authentication default `
           -Credential $cred

If all is good you should see the following response:

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.x
                  sd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 6.1.7600 SP: 0.0 Stack: 2.0

The next thing is to connect to a remote PowerShell session:

Enter-PSSession <server_name_or_ip_address> -Authentication default -Credential $cred

If this is successful you should have a PowerShell prompt on the remote machine.

Using Remote PowerShell you can then load the WebAdministration Provider for PowerShell and manipulate many aspects of IIS to your hearts content:

Web Administration (IIS) Provider for Windows PowerShell

To connect to the remote server you need to provide a PSCredential object. As mentioned above you would provide this using:

$cred = Get-Credential

However, this always demands some interaction from the keyboard to provide a username and password. Obviously this is no good for automated CI.

You can however store the password in a file. To do this run the following just once (or whenever the password changes):

read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt

Then when you need to create your PSCredential to authenticate to the remote server:

$username = "deployment_user"
$password = cat C:\securestring.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential `
         -argumentlist $username, $password

$serverNameOrIp = "192.168.1.1"
Enter-PSSession $serverNameOrIp -Authentication default -Credential $cred

The above script was sourced from the following blog entry but I've duplicated to preserve here just in case that article goes dark:

Using PSCredentials without a prompt - GeeksWithBlogs (archive.org)

Anyway, so once you're connected to the remote server you can issue further commands such as:

Import-Module WebAdministration
CD IIS:\Sites

And so on.

Most of the above should be approached with caution if this machine is internet facing and the only way to access is via the internet. If this is the case consider restricting the WinRM ports to VPN only.

背叛残局 2024-11-03 05:13:40

最后我写了一个 WCF 服务,它作为服务运行在远程计算机上。该服务在具有管理员权限的本地帐户下运行,以便可以更改该计算机上的本地 IIS 实例。

在我的 NAnt 脚本中,我有一系列与 WCF 服务通信并根据需要更改 IIS 设置的自定义任务。

由于这是一个内部开发环境,我不太关心安全性,并且我允许对 IIS 进行的实际更改非常基本。

I wrote a WCF service in the end, which runs on the remote machine as a service. The service runs under a local account with administrator rights so that the local IIS instance on that machine can be changed.

From my NAnt script I have a series of custom tasks that communicate to the WCF service and change IIS settings as required.

As this is an internal dev environment I am not too concerned about security and the actual changes to IIS I am allowed are very basic.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文