Export (0) Print
Expand All

ManagementAuthorization Class

IIS 7.0

Provides functionality for managing the authorization list for a specific site or application.

System..::..Object
  Microsoft.Web.Management.Server..::..ManagementAuthorization

Namespace:  Microsoft.Web.Management.Server
Assembly:  Microsoft.Web.Management (in Microsoft.Web.Management.dll)

public static class ManagementAuthorization

The ManagementAuthorization type exposes the following members.

  NameDescription
Public propertyStatic memberProviderGets the authorization provider for IIS Manager. 
Top

  NameDescription
Public methodStatic memberGetAuthorizedUsersRetrieves a collection of authorized users for the specified configuration path.
Public methodStatic memberGetConfigurationPathsReturns an array of configuration paths that the specified principal is authorized to configure.
Public methodStatic memberGrantGrants authorization to a user name or role for the specified configuration path.
Public methodStatic memberIsAuthorizedRetrieves a value indicating whether the specified principal is authorized for the specified configuration path.
Public methodStatic memberRenameConfigurationPathRenames a configuration path.
Public methodStatic memberRevoke(String)Revokes authorization for the specified user for all configuration paths.
Public methodStatic memberRevoke(String, String)Revokes authorization for the specified user for the specified configuration path.
Public methodStatic memberRevokeConfigurationPathRemoves all authorized users from the specified configuration path.
Top

Permissions for IIS Manager are granted for a specific site or application and not at the server level. The ManagementAuthorization object determines whether a user or role should be granted access to a specific site or application. A list of authorized users is available on the IIS Manager Permissions page of IIS Manager. 

This class cannot be inherited.

The following example implements several of the methods and properties of the ManagementAuthorization and ManagementAuthorizationInfo classes. This example adds a specified user to a specified site and displays a collection of authorized users of that specified site.

// Returns a Property bag that contains the Site Owner Details.
public PropertyBag GetSiteOwnerDetails(string siteName)
{
    PropertyBag SiteOwnerDetailsBag = new PropertyBag();

    // Set the userName.
    string userName = "User4";

    string display = null;
    string message = null;
    AppDomain domain = Thread.GetDomain();
    domain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;

    // Gets the site from the siteName.
    Site site = base.ManagementUnit.ServerManager.Sites[siteName];
    // Set the path.
    string path = site.Name;

    SiteOwnerDetailsBag.Add(0, principal.Identity.Name);
    SiteOwnerDetailsBag.Add(1, 
        ManagementAuthorization.IsAuthorized(principal, path).ToString());
    SiteOwnerDetailsBag.Add(2, siteName as string);

    message = "Provider: " + ManagementAuthorization.Provider;
    display = display + message;
    // Get a collection of authorized users.
    ManagementAuthorizationInfoCollection authorizedCollection =
        ManagementAuthorization.GetAuthorizedUsers(path, true, 0, -1);
    message = "\nAuthorizedUsers count: " +
        authorizedCollection.Count.ToString() + "\n  ";
    display = display + message;
    bool isInCollection = false;
    message = null;
    // Search the returned collection.
    foreach (ManagementAuthorizationInfo authorizedInfo in authorizedCollection)
    {
        message = message + "\nName: " + authorizedInfo.Name;
        message = message + "     ConfigurationPath: " + 
            authorizedInfo.ConfigurationPath;
        message = message + "     IsRole: " + authorizedInfo.IsRole;

        // Check to see if the user is already in the allowed users collection.                
        if (userName.Equals(authorizedInfo.Name))
        {
            isInCollection = true;
        }
    }

    // Grant the user permission to this site only if 
    // they are not already in the allowed users collection.
    if (!isInCollection)
    {
        ManagementAuthorization.Grant(userName, path, false);
        message = message + "\nadded: " + userName;
    }
    display = display + message;

    string[] configPaths = 
        ManagementAuthorization.GetConfigurationPaths(principal, null);

    message = "\n\nThe current user is a member of " + 
        configPaths.Length + " paths.";
    foreach (string configpath in configPaths)
    {
        message = message + "\npath: " + configpath;
    }
    display = display + message;

    SiteOwnerDetailsBag.Add(3, display as string);

    // Uncomment the following line to rename a configuration path. 
    // ManagementAuthorization.RenameConfigurationPath(path , path + "-new");

    // Uncomment the following line to revoke 
    // all authorizations for the specified user.
    // ManagementAuthorization.Revoke(userName);

    // Uncomment the following line to revoke the 
    // authorization for the specified user to the specified site.
    // ManagementAuthorization.Revoke(userName, path);

    // Uncomment the following line to revoke all 
    // authorization for the specified site.
    // ManagementAuthorization.RevokeConfigurationPath(path);

    return SiteOwnerDetailsBag;
}


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Community Additions

ADD
Show:
© 2014 Microsoft