How to control IIS's disable IP list through a web mode.
This problem can be further divided into two problems: 1. How to control IIS's ipdeny; 2, because it is a web mode, the default web account permissions are low, there is no above, how to handle it. first question:
Three methods are given in Microsoft's MSDN: http://msdn.microsoft.com/library/default.asp? URL = / library / en-us / iissdk / IIS / setting_ip_security_using_system_directoryservices.asp here is given here. In fact, after all the System.DirectoryServices class one kind actually have such requirements: This example requires Windows Server 2003 Service Pack 1, which contains fixes that allow System.DirectoryServices to enumerate list properties collapsed, at that time did not see this. This kind of debugging has been found for this limit for a long time. Windows Server 2003 Service Pack 1 is going to come out. can not wait anymore. Wash this solution.
Another in: http: //msdn.microsoft.com/library/default.asp? URL = / library / en-us / iissdk / IIS / ref_prog_iaorefiipsecd.asp code is written by VBScript
In fact, there is a better at: http://www.thecodeproject.com/csharp/iiswmi.asp is actually using System.DirectoryServices. At the same time, by using reflection to avoid the embarrassment that Win2003 SP1 must be used. For specific code, please see that web page, I will not tell us more. I am using this.
second question:
Of course, you can solve this problem very much permissions to the Web's run account. What we have to say here is not safe, but only give the necessary permissions. This requires the identity simulation.
Articles about using identity simulation in ASP.NET applications, please see the following article: http://www.microsoft.com/china/community/program/originalarticles/techdoc/impersonation.mspx
Or you check the description of the WindowsimPersonationContext class in MSDN. Or is the relevant information of this section in Web.config
As for how to set up an account, this account has only read and write permissions for IIS's ipdeny. Juji, I will not.
I used a higher authority account. Implemented by setting the Identity section of Web.config. By setting: impersonate = "true", the authentication of the user identity is handed over to IIS. When an anonymous login is allowed, IIS handed an anonymous login to the ASP.NET application to the ASP.NET application. When anonymous login is not allowed, IIS passes the authenticated identity ID to the ASP.NET application. The specific access of ASP.NET is determined by the permission of the account. At this time, I can use the anonymous login and then log in with a very high privilege account.
