Re: Setting IPGrant on a folder from a WebMethod

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 10:51:14 -0600

The IIS provider for ADSI doesn't use alternate credentials. It only works
based on the security context of the current thread. The credentials you
pass in are simply ignored.

In order to get this to work, you need to make the current security context
have the correct rights to perform the action.

Joe K.

"DAve" <dsalonius@pobox.com> wrote in message
news:1109004163.416526.183190@l41g2000cwc.googlegroups.com...
>I want to be able to limit access to a folder in IIS by IP address. I
> am trying to add IP addresses from a WebMethod to the IPGrant property.
> Here's my code:
>
> DirectoryEntry defaultRoot = new
> DirectoryEntry("IIS://SERVERNAME/w3svc/1/root/examplefolder",username,password,
> AuthenticationTypes.Secure);
> defaultRoot.RefreshCache();
> object oIPSecurity = defaultRoot.Invoke("Get", new
> string[]{"IPSecurity"});
> Type t = oIPSecurity.GetType();
> //Get the list of granted IPs
> Array IPs = (Array)t.InvokeMember("IPGrant", BindingFlags.GetProperty,
> null, oIPSecurity, null);
> //create a new Array of IPs
> object[] newIPs = new object[IPs.Length+1];
> //copy the existing IPs to the new Array
> IPs.CopyTo(newIPs,0);
> //add a new value
> newIPs.SetValue("192.168.0.21",IPs.Length);
> //Set the new IPlist
> t.InvokeMember("IPGrant", BindingFlags.SetProperty, null, oIPSecurity,
> new object[]{newIPs});
> defaultRoot.Invoke("Put", new object[]{"IPSecurity", oIPSecurity});
> defaultRoot.CommitChanges();
>
> When executed, I get this error:
>
> System.UnauthorizedAccessException: Access is denied. at
> System.DirectoryServices.Interop.IAds.SetInfo() at
> System.DirectoryServices.DirectoryEntry.CommitChanges()
>
>>>From the research I've done, I'm concerned that the solution to this
> problem is going to be a security threat. Any thoughts or alternative
> ideas to accomplish this?
>
> Thanks,
>
> David
>