Welcome Sign in
Microsoft Developer Network
 Printer Friendly Version      Send     
Click to Rate and Give Feedback
MSDN
MSDN Library
This page is specific to
.NET Framework 3.0

Other versions are also available for the following:
Setting IP Security Using System.DirectoryServices
[Note: This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

Set IP security to configure IIS to restrict client access based on IP addresses or DNS host names. Configuring IP security modifies the IPSecurity metabase property.

The following example shows you how to use the C# programming language to enumerate the IPSecurity property at a node in the IIS metabase, and add a new restriction.

This example requires Windows XP Professional Service Pack 2 or Windows Server 2003 Service Pack 1.

NoteNote:

System.DirectoryServices can be used to get and set String and DWORD properties in the IIS metabase, and invoke most methods. However, you cannot set restriction properties unless you are using Windows XP Professional with Service Pack 2 or Windows Server 2003 with Service Pack 1.

To keep this code example concise, it does not include code access security (CAS) parameters or parameter checking. For more information, see Code Access Security and Validating User Input to Avoid Attacks. Additionally, you can instantiate your System.DirectoryServices.DirectoryEntry object with an authentication parameter.

C#
using System;
using System.IO;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Collections;

namespace System_DirectoryServices_DirectoryEntry_ConfigIIS
{
  class Program
  {
    static void Main(string[] args)
    {


...
SetIPSecurityProperty("IIS://localhost/W3SVC", "DomainDeny", "domain.microsoft.com");


...
}


...
static void SetIPSecurityProperty(string metabasePath, string member, string item)
{
    //  metabasePath is of the form "IIS://<servername>/<path>"
    //    for example "IIS://localhost/SMTPSVC/1" 
    //  member is of the form "IPGrant|IPDeny|DomainGrant|DomainDeny"
    //  item is of the form "<ipaddress|domain>", for example, 157.56.236.15 or domain.microsoft.com
    Console.WriteLine("\nEnumerating the IPSecurity property at {0}:", metabasePath);

    try
    {
        if (("IPGrant" != member) && ("IPDeny" != member) && ("DomainGrant" != member) && ("DomainDeny" != member))
        {
            Console.WriteLine(" Failed in SetIPSecurityProperty; second param must be one of IPGrant|IPDeny|DomainGrant|DomainDeny");
        }
        else
        {
            DirectoryEntry path = new DirectoryEntry(metabasePath);
            path.RefreshCache();
            object ipsecObj = path.Invoke("Get", new string[] { "IPSecurity" });
            Type t = ipsecObj.GetType();
            Array data = (Array)t.InvokeMember(member, BindingFlags.GetProperty, null, ipsecObj, null);
            Console.WriteLine(" Old {0} =", member);
            bool exists = false;
            foreach (object dataItem in data)
            {
                Console.WriteLine("  {0}", dataItem.ToString());
                if (dataItem.ToString().StartsWith(item))
                {
                    exists = true;
                }
            }

            if (exists)
            {
                Console.WriteLine(" {0} already exists in {1}", item, member);
            }
            else
            {
                object[] newData = new object[data.Length + 1];
                data.CopyTo(newData, 0);
                newData.SetValue(item, data.Length);
                t.InvokeMember(member, BindingFlags.SetProperty, null, ipsecObj, new object[] { newData });
                path.Invoke("Put", new object[] { "IPSecurity", ipsecObj });
                path.CommitChanges();

                path.RefreshCache();
                ipsecObj = path.Invoke("Get", new string[] { "IPSecurity" });
                data = (Array)t.InvokeMember(member, BindingFlags.GetProperty, null, ipsecObj, null);
                Console.WriteLine(" New {0} =", member);
                foreach (object dataItem in data)
                    Console.WriteLine("  {0}", dataItem.ToString());
                Console.WriteLine(" Done.");
            }
        }
    }
    catch (Exception ex)
    {
        if ("HRESULT 0x80005006" == ex.Message)
            Console.WriteLine(" Property IPSecurity does not exist at {0}", metabasePath);
        else
            Console.WriteLine("Failed in SetIPSecurityProperty with the following exception: \n{0}", ex.Message);
    }
}


...
  }
}
Visual Basic
Imports System
Imports System.IO
Imports System.DirectoryServices
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Collections

Module Program

    Sub Main(ByVal args() As String)


...
End Sub


...
End Module
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker