以编程方式解锁 Powershell 中的 IIS 配置部分

发布于 2024-11-02 17:05:15 字数 1720 浏览 3 评论 0原文

我正在编写一个 powershell 脚本来创建和配置许多网站和虚拟目录。我正在使用 .NET Microsoft.Web.Administration 程序集。我在默认网站下创建了一个新应用程序,并向其中添加了一个新的虚拟目录,一切正常。我现在想做的是为虚拟目录设置身份验证选项。我正在 powershell 中执行以下操作:

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration")

$oIIS = new-object Microsoft.Web.Administration.ServerManager
$oWebSite = $oIIS.Sites["Default Web Site"]
$oApp = $oWebSite.Applications["/MyApp"]

$oConfig = $oApp.GetWebConfiguration()

$oAnonAuth = $oConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication")
$oAnonAuth.SetAttributeValue("enabled", "False")

但是,SetAttributeValue 命令给出以下错误:

“此配置节不能在此路径中使用。当该节在父级别锁定时会发生这种情况。默认情况下锁定 (overrideModeDefault= “Deny”),或通过 overrideMode="Deny" 或旧的allowOverride="false" 位置标记显式设置

根据我在其他地方读到的内容,有一些建议可以更改应用程序的 XML 文件以允许覆盖。不想这样做 - 有什么方法可以以编程方式解锁配置以允许我更改它?我根本不需要任何用户输入到此过程中。

感谢您的帮助, 阿尔。


找到了我正在寻找的答案 - 但作为一个新用户,我无法在 24 小时内回答我自己的问题。

我想我在这个网站上找到了下面的代码,但我的机器已经重新启动,所以我丢失了页面。然而,以下似乎有效:

#
# Allow overriding of the security settings.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.OverrideMode="Allow"
$oIIS.CommitChanges()

#
# Following the commit above, we need a new instance of the configuration object, which we can now 
# modify.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.SetAttributeValue("enabled", "False")
$oIIS.CommitChanges()

I am writing a powershell script to create and configure a number of websites and virtual directories. I am using the .NET Microsoft.Web.Administration assembly. I have created a new application under the default website and added a new virtual directory to it and it all works well. What I'm trying to do now is set up the authentication options for the virtual directory. I am doing the following in powershell:

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Web.Administration")

$oIIS = new-object Microsoft.Web.Administration.ServerManager
$oWebSite = $oIIS.Sites["Default Web Site"]
$oApp = $oWebSite.Applications["/MyApp"]

$oConfig = $oApp.GetWebConfiguration()

$oAnonAuth = $oConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication")
$oAnonAuth.SetAttributeValue("enabled", "False")

However, the SetAttributeValue command gives me the following error:

"This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"

From what I have read elsewhere, there are some suggestions to change the XML file for the application to allow overriding. I don't want to have to do that - is there any way to programmatically unlock the configuration to allow me to change it? I don't want any user input into this process at all..

Thanks for any help,
Al.


Found the answer I was looking for - but being a new user I can't answer my own question for 24 hrs..

I think I found the code below on this site, but my machine has since rebooted so I've lost the page. However, the following seems to work:

#
# Allow overriding of the security settings.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.OverrideMode="Allow"
$oIIS.CommitChanges()

#
# Following the commit above, we need a new instance of the configuration object, which we can now 
# modify.
#
$oGlobalConfig = $oIIS.GetApplicationHostConfiguration()
$oConfig = $oGlobalConfig.GetSection("system.webServer/security/authentication/anonymousAuthentication", "Default Web Site/mySite")
$oConfig.SetAttributeValue("enabled", "False")
$oIIS.CommitChanges()

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

萌酱 2024-11-09 17:05:15

我不久前写了一篇关于此的博客文章。 http://www.danielrichnak.com/powershell-iis7-teach-yoursel/

下面的代码将循环遍历 system.webserver 级别的所有内容并解锁它。您可以根据需要定位不同的节点。

$assembly = [System.Reflection.Assembly]::LoadFrom("$env:systemroot\system32\inetsrv\Microsoft.Web.Administration.dll")

# helper function to unlock sectiongroups
function unlockSectionGroup($group)
{
    foreach ($subGroup in $group.SectionGroups)
    {
        unlockSectionGroup($subGroup)
    }
    foreach ($section in $group.Sections)
    {
        $section.OverrideModeDefault = "Allow"
    }
}

# initial work
# load ServerManager
$mgr = new-object Microsoft.Web.Administration.ServerManager
# load appHost config
$conf = $mgr.GetApplicationHostConfiguration()

# unlock all sections in system.webServer
unlockSectionGroup(
     $conf.RootSectionGroup.SectionGroups["system.webServer"])

你的解决方案是相似的,但又足够不同,我无法验证你所得到的,但既然你说它有效 - 听起来不错。 :)

I wrote a blog post about this quite a while back. http://www.danielrichnak.com/powershell-iis7-teach-yoursel/

The below code will loop through everything in system.webserver level and unlock it. You can target different nodes as you see fit.

$assembly = [System.Reflection.Assembly]::LoadFrom("$env:systemroot\system32\inetsrv\Microsoft.Web.Administration.dll")

# helper function to unlock sectiongroups
function unlockSectionGroup($group)
{
    foreach ($subGroup in $group.SectionGroups)
    {
        unlockSectionGroup($subGroup)
    }
    foreach ($section in $group.Sections)
    {
        $section.OverrideModeDefault = "Allow"
    }
}

# initial work
# load ServerManager
$mgr = new-object Microsoft.Web.Administration.ServerManager
# load appHost config
$conf = $mgr.GetApplicationHostConfiguration()

# unlock all sections in system.webServer
unlockSectionGroup(
     $conf.RootSectionGroup.SectionGroups["system.webServer"])

Your solution is similar but different enough that I can't verify what you've got, but since you say it works - sounds good. :)

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文