Add or Remove IIS Authorization Rules using PowerShell

Adding to the post – https://tekcookie.com/iis-client-certificate-mapping-using-powershell/

Once the client certificate is mapped, we have to add authorization rules to the website to give the users access.

In the client certificate mapping script, the variable $results holds the user details captured from the client certificates. We use it to add Allow authorization rules to the website.

foreach ($userInfo in $results) {
    # $() is required so the UserName property is expanded, not the whole object
    Add-WebConfiguration -Filter "system.webServer/security/authorization" `
        -Value @{accessType="Allow"; users="$($userInfo.UserName)"} -PSPath IIS:\sites\websitename
}

The above code creates an Allow authorization rule for each user in the list.
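An added example, not part of the original post: the same loop made safe to re-run, followed by a check for an Allow rule with users="*" (present in the default IIS configuration), which lets everyone through regardless of the per-user rules. The helper name Add-AllowRuleIfMissing is hypothetical, the $results array is constructed sample input, and the script assumes the WebAdministration module on the IIS host.

```powershell
Import-Module WebAdministration

$site   = 'IIS:\Sites\websitename'    # site name as used in this post
$filter = 'system.webServer/security/authorization'

# Constructed sample input standing in for $results from the mapping script
$results = @(
    [pscustomobject]@{ UserName = 'user1' },
    [pscustomobject]@{ UserName = 'user2' }
)

# Hypothetical helper: add an Allow rule only when no rule with exactly
# this users value is already effective (local or inherited) at $PSPath.
function Add-AllowRuleIfMissing {
    param([string]$PSPath, [string]$UserName)

    $existing = Get-WebConfiguration -Filter "$filter/add" -PSPath $PSPath |
        Where-Object { $_.users -eq $UserName }
    if ($existing) { return $false }

    Add-WebConfiguration -Filter $filter -PSPath $PSPath `
        -Value @{ accessType = 'Allow'; users = $UserName }
    return $true
}

foreach ($userInfo in $results) {
    $added = Add-AllowRuleIfMissing -PSPath $site -UserName $userInfo.UserName
    $state = if ($added) { 'rule added' } else { 'rule already present' }
    '{0}: {1}' -f $userInfo.UserName, $state
}

# Per-user Allow rules restrict nothing while an Allow rule for all users applies.
$allowAll = Get-WebConfiguration -PSPath $site `
    -Filter "$filter/add[@accessType='Allow' and @users='*']"
if ($allowAll) {
    Write-Warning 'An Allow rule for users="*" is still effective on this site.'
}

# Effective rules (inherited and local) for review
Get-WebConfiguration -Filter "$filter/add" -PSPath $site |
    Select-Object accessType, users, roles, verbs
```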

Authorization rules can be created at the IIS server level (in applicationHost.config), where the website inherits them, or locally in the website's own web.config.

# Add IIS authorization rule for the web site in applicationHost.config
Add-WebConfiguration -Filter "system.webServer/security/authorization" `
    -Value @{accessType="Allow"; users="user1"} -PSPath 'MACHINE/WEBROOT/APPHOST' -Location 'websitename'

# Add IIS authorization rule for the web site in web.config
Add-WebConfiguration -Filter "system.webServer/security/authorization" `
    -Value @{accessType="Allow"; users="user2"} -PSPath IIS:\sites\websitename

The entry added to web.config is listed as ‘Local’, and the entry added to applicationHost.config is listed as ‘Inherited’.

Removing authorization rules

# Remove IIS authorization rule for the web site from web.config
Remove-WebConfigurationProperty -Filter "system.webServer/security/authorization" `
    -PSPath IIS:\Sites\websitename -Name . -AtElement @{Users='user2'}

# Remove IIS authorization rule for the web site from applicationHost.config
Remove-WebConfigurationProperty -Filter "system.webServer/security/authorization" `
    -PSPath 'MACHINE/WEBROOT/APPHOST' -Location 'websitename' -Name . -AtElement @{Users='user1'}

Thank you for reading my post, Hope this is helpful to you !!!