Setting IP Security Using System.DirectoryServices

Set IP security to configure IIS to restrict client access based on IP addresses or DNS host names. Configuring IP security modifies the IPSecurity metabase property.

The following example shows you how to use the C# programming language to enumerate the IPSecurity property at a node in the IIS metabase, and add a new restriction.

This example requires Windows XP Professional Service Pack 2 or Windows Server 2003 Service Pack 1.

Note:

System.DirectoryServices can be used to get and set String and DWORD properties in the IIS metabase, and invoke most methods. However, you cannot set restriction properties unless you are using Windows XP Professional with Service Pack 2 or Windows Server 2003 with Service Pack 1.

To keep this code example concise, it does not include code access security (CAS) parameters or parameter checking. For more information, see Code Access Security and Validating User Input to Avoid Attacks. Additionally, you can instantiate your System.DirectoryServices.DirectoryEntry object with an authentication parameter, so that the connection to the metabase uses the credentials and authentication type you specify instead of the defaults.

C#
using System;
using System.IO;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Collections;

namespace System_DirectoryServices_DirectoryEntry_ConfigIIS
{
  class Program
  {
    // Entry point of the sample. The "..." lines mark code that this page leaves out.
    static void Main(string[] args)
    {


...


// Adds "domain.microsoft.com" to the DomainDeny list of the IPSecurity property at the
// W3SVC node on the local machine (see SetIPSecurityProperty below).
// NOTE(review): whether the deny lists or the grant lists take effect presumably depends on
// the IPSecurity object's GrantByDefault setting, which this example neither reads nor
// changes; confirm the node's setting before relying on a Deny entry.
SetIPSecurityProperty("IIS://localhost/W3SVC", "DomainDeny", "domain.microsoft.com");


...


}


...


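// Lists one restriction list of the IPSecurity property at a metabase node and appends
// a new entry to it when the entry is not already present.
//
//  metabasePath is of the form "IIS://<servername>/<path>"
//    for example "IIS://localhost/SMTPSVC/1"
//  member is of the form "IPGrant|IPDeny|DomainGrant|DomainDeny"
//  item is of the form "<ipaddress|domain>", for example, 157.56.236.15 or domain.microsoft.com
//
// All outcomes, including failures, are reported on the console; nothing is thrown to the caller.
static void SetIPSecurityProperty(string metabasePath, string member, string item)
{
    Console.WriteLine("\nEnumerating the IPSecurity property at {0}:", metabasePath);

    try
    {
        if (("IPGrant" != member) && ("IPDeny" != member) && ("DomainGrant" != member) && ("DomainDeny" != member))
        {
            Console.WriteLine(" Failed in SetIPSecurityProperty; second param must be one of IPGrant|IPDeny|DomainGrant|DomainDeny");
        }
        else if (item == null || item.Trim().Length == 0)
        {
            // An empty item would be a prefix of every existing entry and would otherwise be
            // written to the metabase as a blank restriction, so it is rejected up front.
            Console.WriteLine(" Failed in SetIPSecurityProperty; third param must be a non-empty IP address or domain name");
        }
        else
        {
            // Dispose the DirectoryEntry so the underlying directory connection is released
            // even when one of the calls below throws.
            using (DirectoryEntry path = new DirectoryEntry(metabasePath))
            {
                path.RefreshCache();
                object ipsecObj = path.Invoke("Get", new string[] { "IPSecurity" });
                Type t = ipsecObj.GetType();
                Array data = (Array)t.InvokeMember(member, BindingFlags.GetProperty, null, ipsecObj, null);
                Console.WriteLine(" Old {0} =", member);
                bool exists = false;
                foreach (object dataItem in data)
                {
                    string entry = dataItem.ToString();
                    Console.WriteLine("  {0}", entry);

                    // Compare whole values. A plain prefix test would treat "10.0.0.1" as
                    // already present when only "10.0.0.10" is listed, and the requested
                    // restriction would then be skipped without being applied.
                    if (IPSecurityEntryMatchesItem(entry, item))
                    {
                        exists = true;
                    }
                }

                if (exists)
                {
                    Console.WriteLine(" {0} already exists in {1}", item, member);
                }
                else
                {
                    // Build a copy of the list with the new item appended, then write the
                    // modified IPSecurity object back and commit it.
                    object[] newData = new object[data.Length + 1];
                    data.CopyTo(newData, 0);
                    newData.SetValue(item, data.Length);
                    t.InvokeMember(member, BindingFlags.SetProperty, null, ipsecObj, new object[] { newData });
                    path.Invoke("Put", new object[] { "IPSecurity", ipsecObj });
                    path.CommitChanges();

                    // Read the property back so the printed list reflects what was stored.
                    path.RefreshCache();
                    ipsecObj = path.Invoke("Get", new string[] { "IPSecurity" });
                    data = (Array)t.InvokeMember(member, BindingFlags.GetProperty, null, ipsecObj, null);
                    Console.WriteLine(" New {0} =", member);
                    foreach (object dataItem in data)
                    {
                        Console.WriteLine("  {0}", dataItem.ToString());
                    }
                    Console.WriteLine(" Done.");
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): matching on the exact message text is brittle; it is kept as the
        // sample wrote it. Confirm which exception type and message actually surface here.
        if ("HRESULT 0x80005006" == ex.Message)
        {
            Console.WriteLine(" Property IPSecurity does not exist at {0}", metabasePath);
        }
        else
        {
            Console.WriteLine("Failed in SetIPSecurityProperty with the following exception: \n{0}", ex.Message);
        }
    }
}

// Returns true when an existing list entry names the same address or domain as item.
static bool IPSecurityEntryMatchesItem(string entry, string item)
{
    if (entry == null || item == null)
    {
        return false;
    }

    string existing = entry.Trim();
    string wanted = item.Trim();
    if (string.Equals(existing, wanted, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    // Assumes IP entries may be stored as "<address>, <mask>" (TODO confirm against the
    // metabase); in that case only the part before the comma is compared with item.
    int comma = existing.IndexOf(',');
    return comma >= 0
        && string.Equals(existing.Substring(0, comma).Trim(), wanted, StringComparison.OrdinalIgnoreCase);
}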


...


  }
}
