ManagementAuthorization Class

Reference

Definition

Namespace:: Microsoft.Web.Management.Server

Assembly:: Microsoft.Web.Management.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Provides functionality for managing the authorization list for a specific site or application.

public ref class ManagementAuthorization abstract sealed

public static class ManagementAuthorization

type ManagementAuthorization = class

Public Class ManagementAuthorization

Inheritance: Object
ManagementAuthorization

Examples

The following example implements several of the methods and properties of the ManagementAuthorization and ManagementAuthorizationInfo classes. This example adds a specified user to a specified site and displays a collection of authorized users of that specified site.

       // Returns a Property bag that contains the Site Owner Details.
       public PropertyBag GetSiteOwnerDetails(string siteName)
       {
           PropertyBag SiteOwnerDetailsBag = new PropertyBag();

           // Set the userName.
           string userName = "User4";
                     
           string display = null;
           string message = null;
           AppDomain domain = Thread.GetDomain();
           domain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
           WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;

           // Gets the site from the siteName.
           Site site = base.ManagementUnit.ServerManager.Sites[siteName];
           // Set the path.
           string path = site.Name;
           
           SiteOwnerDetailsBag.Add(0, principal.Identity.Name);
           SiteOwnerDetailsBag.Add(1, 
               ManagementAuthorization.IsAuthorized(principal, path).ToString());
           SiteOwnerDetailsBag.Add(2, siteName as string);
           
           message = "Provider: " + ManagementAuthorization.Provider;
           display = display + message;
           // Get a collection of authorized users.
           ManagementAuthorizationInfoCollection authorizedCollection =
               ManagementAuthorization.GetAuthorizedUsers(path, true, 0, -1);
           message = "\nAuthorizedUsers count: " +
               authorizedCollection.Count.ToString() + "\n  ";
           display = display + message;
           bool isInCollection = false;
           message = null;
           // Search the returned collection.
           foreach (ManagementAuthorizationInfo authorizedInfo in authorizedCollection)
           {
               message = message + "\nName: " + authorizedInfo.Name;
               message = message + "     ConfigurationPath: " + 
                   authorizedInfo.ConfigurationPath;
               message = message + "     IsRole: " + authorizedInfo.IsRole;

               // Check to see if the user is already in the allowed users collection.                
               if (userName.Equals(authorizedInfo.Name))
               {
                   isInCollection = true;
               }
           }

           // Grant the user permission to this site only if 
           // they are not already in the allowed users collection.
           if (!isInCollection)
           {
               ManagementAuthorization.Grant(userName, path, false);
               message = message + "\nadded: " + userName;
           }
           display = display + message;

           string[] configPaths = 
               ManagementAuthorization.GetConfigurationPaths(principal, null);

           message = "\n\nThe current user is a member of " + 
               configPaths.Length + " paths.";
           foreach (string configpath in configPaths)
           {
               message = message + "\npath: " + configpath;
           }
           display = display + message;

           SiteOwnerDetailsBag.Add(3, display as string);

           // Uncomment the following line to rename a configuration path. 
           // ManagementAuthorization.RenameConfigurationPath(path , path + "-new");

           // Uncomment the following line to revoke 
           // all authorizations for the specified user.
           // ManagementAuthorization.Revoke(userName);

           // Uncomment the following line to revoke the 
           // authorization for the specified user to the specified site.
           // ManagementAuthorization.Revoke(userName, path);

           // Uncomment the following line to revoke all 
           // authorization for the specified site.
           // ManagementAuthorization.RevokeConfigurationPath(path);

           return SiteOwnerDetailsBag;
       }

Remarks

Permissions for IIS Manager are granted for a specific site or application and not at the server level. The ManagementAuthorization object determines whether a user or role should be granted access to a specific site or application. A list of authorized users is available on the IIS Manager Permissions page of IIS Manager.

This class cannot be inherited.

Properties

Provider

Gets the authorization provider for IIS Manager.

Methods

GetAuthorizedUsers(String, Boolean, Int32, Int32)	Retrieves a collection of authorized users for the specified configuration path.
GetConfigurationPaths(IPrincipal, String)	Returns an array of configuration paths that the specified principal is authorized to configure.
Grant(String, String, Boolean)	Grants authorization to a user name or role for the specified configuration path.
IsAuthorized(IPrincipal, String)	Retrieves a value indicating whether the specified principal is authorized for the specified configuration path.
RenameConfigurationPath(String, String)	Renames a configuration path.
Revoke(String)	Revokes authorization for the specified user for all configuration paths.
Revoke(String, String)	Revokes authorization for the specified user for the specified configuration path.
RevokeConfigurationPath(String)	Removes all authorized users from the specified configuration path.

Applies to