How to control IIS's disable IP list through a web mode.
This problem can be further divided into two problems: 1. How to control IIS's ipdeny; 2, because it is a web mode, the default web account permissions are low, there is no above, how to handle it. first question:
Three methods are given in MSDN: http: //msdn.microsoft.com/library/default.asp? URL = / library / en-us / iissdk / IIS / setting_ip_security_using_system_directoryservices.asp here is given here. In fact, it is an additional use of the System.DirectoryServices class: http://msdn.microsoft.com/library/default.asp? URL = / library / en-us / iissdk / IIS / ref_prog_iaorefiipsecd.asp code is written by VBScript
In fact, there is a better at: http://www.thecodeproject.com/csharp/iiswmi.asp is actually using System.DirectoryServices. At the same time, by using reflection to avoid the embarrassment that Win2003 SP1 must be used. For specific code, please see that the webpage, you will not be detailed.
second question:
Of course, you can solve this problem very much permissions to the Web's run account. What we have to say here is not safe, but only give the necessary permissions. This requires the identity simulation.
Articles about using identity simulation in ASP.NET applications, please see the following article: http://www.microsoft.com/china/community/program/originalarticles/techdoc/impersonation.mspx
Or you check the description of the WindowsimPersonationContext class in MSDN. Or is the relevant information of this section in Web.config
As for how to set up an account, this account has only read and write permissions for IIS's ipdeny. Juji, I will not.
I used a higher authority account. Implemented by setting the Identity section of Web.config. By setting: impersonate = "true", the authentication of the user identity is handed over to IIS. When an anonymous login is allowed, IIS handed an anonymous login to the ASP.NET application to the ASP.NET application. When anonymous login is not allowed, IIS passes the authenticated identity ID to the ASP.NET application. The specific access of ASP.NET is determined by the permission of the account. At this time, I can use the anonymous login and then log in with a very high privilege account.
This article can also be referred to: http://www.microsoft.com/china/technet/security/guidance/secmod38.mspx
