IIS | TekCookie https://tekcookie.com Everything about IT Sun, 13 Jun 2021 12:56:11 +0000 en-US hourly 1 https://i0.wp.com/tekcookie.com/wp-content/uploads/2021/06/cropped-TekCookie-211.png?fit=32%2C17&ssl=1 IIS | TekCookie https://tekcookie.com 32 32 174510684 IIS Authorization Rules using PowerShell https://tekcookie.com/iis-authorization-rules-using-powershell/ https://tekcookie.com/iis-authorization-rules-using-powershell/#comments Sun, 01 Mar 2020 08:40:00 +0000 https://adminscripter.wordpress.com/?p=313 Add or Remove IIS Authorization Rules using PowerShell

Adding to the post – https://tekcookie.com/iis-client-certificate-mapping-using-powershell/

Once the client certificate is mapped, we have to add authorization rules in the website for providing access to the users.

From the client certificate mapping script, the variable $results has the user info details captured from the client certificates. Using this we have to add allow authorization rules in the website.

foreach($userInfo in $results) {     
   Add-WebConfiguration -Filter "system.webServer/security/authorization" `     
   -Value @{accessType="Allow"; users="$userInfo.UserName"} -PSPath IIS:\sites\websitename 
}

The above code will create authorization rule – Allow for the users in the list.

Authorization rules can be created in the IIS server level which can be inherited to the website or as local to the website

#Add IIS Authorization rules to web site at applicationHost.config 
add-WebConfiguration -Filter "system.webServer/security/authorization" ` 
-Value @{accessType="Allow"; users="user1"} -pspath 'MACHINE/WEBROOT/APPHOST' -location 'websitename' 

#Add IIS Authorization rules to web site at web.config add-WebConfiguration -Filter "system.webServer/security/authorization" ` 
-Value @{accessType="Allow"; users="user2"} -PSPath IIS:\sites\websitename
Configuration entry added to web.config is listed as ‘Local’ and entry added to applicationHost.config is listed as ‘Inherited’

Removing authorization rules

#Remove IIS Authorization rules to web site at web.config 
Remove-WebConfigurationProperty -Filter "system.webServer/security/authorization" ` 
-pspath IIS:\Sites\websitename -name . -AtElement @{Users='user2'} 

#Remove IIS Authorization rules to web site at applicationHost.config 
Remove-WebConfigurationProperty -Filter "system.webServer/security/authorization" ` 
-pspath 'MACHINE/WEBROOT/APPHOST' -location 'websitename' -name . -AtElement @{Users='user1'}

Thank you for reading my post, Hope this is helpful to you !!!

]]> https://tekcookie.com/iis-authorization-rules-using-powershell/feed/ 1 313 IIS Client Certificate Mapping using PowerShell https://tekcookie.com/iis-client-certificate-mapping-using-powershell/ https://tekcookie.com/iis-client-certificate-mapping-using-powershell/#respond Wed, 11 Dec 2019 05:38:45 +0000 https://adminscripter.wordpress.com/?p=240 Migrate IIS client certificates from Windows 2003 to Windows 2016 using PowerShell

To import the certificate, we need to have the public key information exported to .cer certificate file

#Get the File names of certificate
$names = Get-ChildItem C:\Users\Administrator\Desktop\Certs\
$results = @()
#looping through each certificates to fetch Public Key and User Info
foreach($name in $names) {
	#reading content of the file
    $CertData = Get-Content $name.FullName
    $CertData = $CertData[1..($CertData.Length-2)]	#To remove first and last line in the content
    $publicKey = ""
    $CertData | % {
        $publicKey += $_.ToString()
    }
	
	#Getting user name from certificate
	$certif = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
	$certif.Import($name.FullName)
	$userName = $certif.GetName().ToString().Split(",")[-1].Replace("CN=","").Replace(" ","")
    $result = New-Object -TypeName PSObject -Property @{
    FileName = $name.Name
    UserName = $userName
    PublicKey = $publicKey
    }
	
	#List of all certificate data and user name
    $results += $result
}
#$results | select FileName, UserName, PublicKey

Once the Information is collected, users have to be created locally on the server

foreach($userInfo in $results) {
    New-LocalUser -Name $userInfo.UserName -Password (ConvertTo-SecureString "ThisIsAGoodPassword123" -AsPlainText -Force)
    #Set-LocalUser -Name $userInfo.UserName -Password (ConvertTo-SecureString "ThisIsAGoodPassword123@2k" -AsPlainText -Force)
}

After user creation, In IIS oneToOneMappings, we have to add the certificate public key along with the respective user name and password

Both foreach loops can be merged. I have divided the foreach for better readability.

foreach($userInfo in $results) {
    Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'EveryCarParts1' `
    -filter "system.webServer/security/authentication/iisClientCertificateMappingAuthentication/oneToOneMappings" `
    -name '.' `
    -value @{enabled='True';userName=$userInfo.UserName;password='ThisIsAGoodPassword123';certificate=$userInfo.PublicKey}
}

For adding Web configuration Property, I got the clue from following post
https://stackoverflow.com/questions/29497971/configuring-iis-client-certificate-mapping-authentication

Thank you for reading my post. Hope this is helpful to you.

]]> https://tekcookie.com/iis-client-certificate-mapping-using-powershell/feed/ 0 240