Programmatically Manage IIS with C#

|Programmatically Manage IIS with C#

Microsoft Web Administration (MWA) is an extremely useful library that allows you to manage an IIS application programmatically – either from the same server or remotely. However, referencing this library can be a confusing process full of pitfalls.

The first trap is the extremely popular NuGet package – which should be avoided at all costs. Initially published by a random developer, this package has since been taken over by Microsoft – however, it is still not likely what you want.The NuGet package includes all of the dependencies for the package – which are included in IIS.

Setup Dependent Features

Before we get started, you must ensure that you have IIS Management Console installed on whatever machine you are running your application.

To do this on a windows machine, you can run the following from a command prompt:

dism.exe /enable-feature /online /featurename:IIS-ManagementConsole⁠

From Windows server, you can run the following PowerShell:

Add-WindowsFeature Web-Mgmt-Console

Add Assembly Reference

After the dependent feature is installed, a copy of the Microsoft.Web.Administration.dll will be created in the following location:

C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll

We need to add a reference to this library so that regardless of where your application is run, it will find the correct version.In Visual Studio, add a reference to this file normally. Then, close Visual Studio and open your project file (.csproj) in a text editor.The service account used to run your web application must have read access to the following folder:

C:\Windows\System32\inetsrv\config

If you are attempting to manage an IIS Server remotely,

The version bundled with IIS Express is 7.9.0.0 where the full version of IIS comes with 7.0.0.0, which can be extremely confusing.

The version bundled with IIS Express is 7.9.0.0 where the full version of IIS comes with 7.0.0.0, which can be extremely confusing.This is complicated if you have a build server that has IIS Express installed – b/c it may include that instead of the full version.IIS on Builder Server…Relatedhttps://docs.microsoft.com/en-us/iis/develop/extending-the-management-ui/overview-of-mwa-and-mwm-for-iishttps://stackoverflow.com/questions/27166276/microsoft-web-administration-assembly-error-on-azurehttps://docs.microsoft.com/en-us/iis/develop/extending-iis-configuration/extending-iis-schema-and-accessing-the-custom-sections-using-mwahttps://blog.lextudio.com/whats-microsoft-web-administration-and-the-horrible-facts-you-should-know-b82f2c974da6https://stackoverflow.com/questions/28432807/servermanager-openremote-error-80040154-clsid-2b72133b-3f5b-4602-8952-803546ce3https://stackoverflow.com/questions/18104151/how-to-reference-microsoft-web-administrationhttp://mvolo.com/connecting-to-iis-70-configuration-remotely-with-microsoftwebadministration/https://www.codeproject.com/Articles/99634/%2fArticles%2f99634%2fUse-C-to-manage-IIS

Comments

To add a comment, please login or register.

In 1999 I was extremely busy. I had just started a company, my second, in the Network Security field which was new and unknown. Sales were slow, hacking was deep, deep inside campuses like Stanford and MIT and was considered sport. I was getting traction with banks and was in SF for a meeting. I remember walking down Mission past a guitar shop and hearing this song, guitar was hitting the tonic breaking into cool background riffs, a little vocal falsetto opening then breaking into verse…..broken and then back…..WTF. Reminiscent of a Cello piece I know……..inspired….. I stopped dead in my tracks - stunned. Who are these guys!?!

Nov 13, 2018 • 3 min read

C-Level Security: When your team uses military analogies, are they using the wrong narrative?

For years, I have bristled when people would use medieval military descriptions in an attempt to convey concepts within the Network Security business. Bastions, Firewalls, Moats, Drawbridges, Countermeasures; all of these descriptions give way to a more accurate and detailed explanation of what was really taking place.

Sep 22, 2017 • 3 min read

C-Level Security: Bank security and the egg timer (how good management trumps technology)

The development of technology for securing information has been advancing at a pace that is truly astounding. In 20 years the security industry has evolved from Sun Micro Systems' Sunscreen and the Cisco PIX (yes I know there were a few others) to over a thousand security products of which nearly 700 are currently VC funded. All are trying to generate business from within this ever advancing market currently called Cyber Security. There are few tech markets growing at the rate of Cyber Security and as a result we are seeing investors, in a near desperate attempt to gather slivers of this market, throwing money at companies with Rube-Goldberg-inspired technology. We now have a flood of technology solutions that no one person can understand and the customers that consume this technology struggle daily with supporting and operating these systems. Many of the C-Level executives reading this may want to consider a management solution for the next expensive problem your engineering team presents to you.

Nov 13, 2018 • 4 min read

What to Say to the C-Level, get your security project funded today!

In near every business adding costs to Information Systems will be seen, by the people running the business, as a cost first, benefit second. Remarkably this still holds true despite a constant pulse of security events hitting the C-Level desks. So let's, as security professionals, develop an understanding of the C-Suite and the C-Levels as to their priorities.

Jun 11, 2018 • 5 min read