[Z]Setting IP Security Using System.DirectoryServices

Set IP security to configure IIS to restrict client access based on IP addresses or DNS host names. Configuring IP security modifies the IPSecurity metabase property.

Example Code

The following example shows you how to use the C# programming language to set an IP restriction on the default Web site.

This example requires a reference to the Active DS IIS Namespace Provider in Visual Studio .NET. This reference enables you to use the IISOle namespace to access the IPSecurityClass class used in the code below.

[C#]
using System;
using System.DirectoryServices;
using System.Reflection;

namespace ADSI1
{
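  /// <summary>
  /// Sample console program that adds an IP address restriction and a host name
  /// restriction to the root of the default Web site by updating the IPSecurity
  /// metabase property.
  /// </summary>
  class ConfigIIS
  {
    /// <summary>
    /// The main entry point for the application. Applies the sample restriction
    /// to the IIS instance on the local machine.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    [STAThread]
    static void Main(string[] args)
    {
      string serverName = "localhost";
      // Placeholder only. Supply the credential at run time (a prompt or a protected
      // store) rather than committing a real administrative password to source.
      string password = "<Administrative_Password>";

      IpSecurity(serverName, password);
    }

    /// <summary>
    /// Binds to the root of Web site 1 on <paramref name="serverName"/> and adds an
    /// IPSecurity entry that denies one address range and one host name while
    /// granting access to every other client.
    /// </summary>
    /// <param name="serverName">Machine that hosts IIS; also used as the account domain.</param>
    /// <param name="password">Password of the "administrator" account on that machine.</param>
    static void IpSecurity(string serverName, string password)
    {
      // The account name is fixed to "<serverName>\administrator", so this only works
      // where that account exists under that name.
      // The using block releases the underlying directory object even when
      // CommitChanges throws; the original never disposed it.
      using (DirectoryEntry defaultRoot = new DirectoryEntry(
        "IIS://" + serverName + "/w3svc/1/root",
        serverName + "\\administrator",
        password,
        AuthenticationTypes.Secure))
      {
        PropertyValueCollection ipSecValCollection = defaultRoot.Properties["IPSecurity"];

        // IISOle comes from the Active DS IIS Namespace Provider reference.
        IISOle.IPSecurityClass ipSecClass = new IISOle.IPSecurityClass();

        // Deny-list mode: every client not named below is allowed. For a site that
        // should only be reachable from known networks, the stricter arrangement is
        // GrantByDefault = false combined with explicit IPGrant / DomainGrant entries.
        ipSecClass.GrantByDefault = true;

        // Written as "address,subnet mask"; presumably this covers the whole
        // 123.0.0.x range rather than a single host -- confirm on a test site.
        ipSecClass.IPDeny = "123.0.0.1,255.255.255.0";

        // Host-name rules make IIS resolve each connecting address back to a name.
        // That adds a DNS lookup per connection and relies on reverse-DNS records the
        // server operator does not control, so prefer address rules where possible.
        ipSecClass.DomainDeny = "iis-test";

        ipSecValCollection.Add(ipSecClass);

        // Nothing is written to the metabase until the change is committed.
        defaultRoot.CommitChanges();
      }
    }
  }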
}

The following example shows you how to use the C# programming language to set an IP restriction on the default Web site and enumerate the restrictions contained in the IPSecurity metabase property.

This example requires Windows Server 2003 Service Pack 1, which contains fixes that allow System.DirectoryServices to enumerate list properties.

[C#]
using System;
using System.DirectoryServices;
using System.Reflection;

namespace ADSI1
{
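  /// <summary>
  /// Sample console program that inserts an IP deny entry into the IPSecurity
  /// metabase property of the default Web site and then prints the restrictions
  /// that are stored afterwards.
  /// </summary>
  class ConfigIIS
  {
    /// <summary>
    /// The main entry point for the application. Runs the sample against the
    /// IIS instance on the local machine.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    [STAThread]
    static void Main(string[] args)
    {
      string serverName = "localhost";
      // Placeholder only. Supply the credential at run time (a prompt or a protected
      // store) rather than committing a real administrative password to source.
      string password = "<Administrative_Password>";

      IpSecEnum(serverName, password);
    }

    /// <summary>
    /// Adds a deny entry for a single address to the IPSecurity property of Web
    /// site 1 on <paramref name="serverName"/>, commits it, and writes the IPDeny
    /// and IPGrant values of every stored entry to the console.
    /// </summary>
    /// <param name="serverName">Machine that hosts IIS; also used as the account domain.</param>
    /// <param name="password">Password of the "administrator" account on that machine.</param>
    /// <remarks>
    /// Failures are reported on the console and not rethrown, as in the original sample.
    /// </remarks>
    static void IpSecEnum(string serverName, string password)
    {
      // The original declared defaultRoot inside a try block and used it after the
      // block, which does not compile. It also guarded only the constructor, and
      // DirectoryEntry defers binding until the entry is first used, so connection
      // and permission errors would have escaped that try anyway. The try now covers
      // the whole operation.
      try
      {
        // AuthenticationTypes.Secure requests secure authentication; the original
        // sample describes this as selecting NTLM.
        using (DirectoryEntry defaultRoot = new DirectoryEntry(
          "IIS://" + serverName + "/w3svc/1/root",
          serverName + "\\administrator",
          password,
          AuthenticationTypes.Secure))
        {
          // Put the IPSecurity value into a collection.
          PropertyValueCollection ipSecValCollection = defaultRoot.Properties["IPSecurity"];

          // GetTypeFromProgID returns null when the ProgID is not registered; stop
          // before anything is modified rather than failing inside CreateInstance.
          Type ipSecType = Type.GetTypeFromProgID("IPSecurity");
          if (ipSecType == null)
          {
            Console.WriteLine("Exception: {0}", "The IPSecurity ProgID is not registered; no changes were made.");
            return;
          }

          // System.Activator can create types of objects locally or remotely.
          object newObj = Activator.CreateInstance(ipSecType);

          // NOTE(review): GrantByDefault is never set on the new object. Deny entries
          // are only meaningful when unlisted clients are granted access, so confirm
          // the stored policy is grant-by-default after running this -- TODO confirm.
          ipSecType.InvokeMember(
            "IPDeny",
            BindingFlags.Default | BindingFlags.SetProperty,
            null,
            newObj,
            new object[] {"123.45.67.89"});

          // Put the new member into the collection and commit the changes.
          ipSecValCollection.Insert(0, newObj);
          defaultRoot.CommitChanges();

          // Re-read from the server so the listing below shows what was actually
          // stored, not the local copy that was just edited.
          defaultRoot.RefreshCache();

          PropertyValueCollection ipSecColl = defaultRoot.Properties["IPSecurity"];

          // Enumerate the IPSecurity metabase property.
          foreach (object val in ipSecColl)
          {
            Type ipSec = val.GetType();

            PrintRestriction("ipDeny", ipSec.InvokeMember(
              "IPDeny",
              BindingFlags.Default | BindingFlags.GetProperty,
              null,
              val,
              new object[] {}));

            PrintRestriction("ipGrant", ipSec.InvokeMember(
              "IPGrant",
              BindingFlags.Default | BindingFlags.GetProperty,
              null,
              val,
              new object[] {}));
          }
        }
      }
      catch (Exception ex)
      {
        Console.WriteLine("Exception: {0}", ex.Message);
      }
    }

    /// <summary>
    /// Writes one restriction list to the console as "label: value" lines.
    /// </summary>
    /// <param name="label">Text printed before the value.</param>
    /// <param name="value">Value returned by the property getter.</param>
    static void PrintRestriction(string label, object value)
    {
      // The shape of the getter's result is not visible in this sample; the original
      // cast it straight to string. Accept a single value or an array so that an
      // array-valued result is printed instead of raising InvalidCastException.
      Array entries = value as Array;
      if (entries == null || entries.Length == 0)
      {
        Console.WriteLine(label + ": " + (entries == null ? value : null));
        return;
      }

      foreach (object entry in entries)
      {
        Console.WriteLine(label + ": " + entry);
      }
    }
  }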
}
posted @ 2004-06-23 02:55 七月(Lost) 阅读(528) 评论(1)  编辑 收藏 网摘


