IISConfigUnlock.psm1
|
Write-Verbose 'Importing from [C:\MyProjects\IISConfigUnlock\IISConfigUnlock\private]' Write-Verbose 'Importing from [C:\MyProjects\IISConfigUnlock\IISConfigUnlock\public]' # .\IISConfigUnlock\public\Unlock-IISAnonymousAuth.ps1 function Unlock-IISAnonymousAuth { <# .SYNOPSIS Unlocks the 'anonymousAuthentication' web.config section so that a website/application can include this section in it's own web.config .DESCRIPTION Unlocks the 'anonymousAuthentication' web.config section so that a website/application can include this section in it's own web.config Specific section unlocked: 'system.webServer/security/authentication/anonymousAuthentication' .PARAMETER Location The logic path of a website that can now include this section in it's web.config .PARAMETER Commit Save changes to IIS immediately? Defaults to true .EXAMPLE Unlock-CaccaIISAnonymousAuth Description ----------- Unlock 'anonymousAuthentication' section for all websites .EXAMPLE Unlock-CaccaIISAnonymousAuth -Location MyWebsite Description ----------- Unlock 'anonymousAuthentication' section specifically for 'MyWebsite' and all child web application in this site .EXAMPLE Unlock-CaccaIISAnonymousAuth -Location MyWebsite/MyApp Description ----------- Unlock 'anonymousAuthentication' section specifically for 'MyApp' web application within 'MyWebsite' site .EXAMPLE New-CaccaIISWebsite MySite -Config { Unlock-CaccaIISAnonymousAuth -Location $_.Name -Commit:$false } Description ----------- Unlock 'anonymousAuthentication' section for the 'MySite' being created by the New-CaccaIISWebsite command #> [CmdletBinding()] param ( [string] $Location, [switch] $Commit ) begin { Set-StrictMode -Version Latest Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState $callerEA = $ErrorActionPreference $ErrorActionPreference = 'Stop' if (!$PSBoundParameters.ContainsKey('Commit')) { $Commit = $true } } process { try { $sectionPath = 'system.webServer/security/authentication/anonymousAuthentication' $sectionPath | Unlock-IISConfigSection -Location $Location -Commit:$Commit } catch { Write-Error -ErrorRecord $_ -EA $callerEA } } } # .\IISConfigUnlock\public\Unlock-IISConfigSection.ps1 function Unlock-IISConfigSection { <# .SYNOPSIS Unlocks the specified web.config section so that a website/application can include this section in it's own web.config .DESCRIPTION Unlocks the specified web.config section so that a website/application can include this section in it's own web.config .PARAMETER SectionPath The web.config section to unlock .PARAMETER Section The web.config section to unlock .PARAMETER Location The logic path of a website that can now include this section in it's web.config .PARAMETER Commit Save changes to IIS immediately? Defaults to true .EXAMPLE Unlock-CaccaIISConfigSection -SectionPath 'system.webServer/security/authentication/anonymousAuthentication' Description ----------- Unlock 'anonymousAuthentication' section for all websites. Equivalent to: Unlock-CaccaIISAnonymousAuth .EXAMPLE New-CaccaIISWebsite MySite -Config { $params = @{ SectionPath = 'system.webServer/security/authentication/anonymousAuthentication' Location = $_.Name Commit = $false } Unlock-CaccaIISConfigSection @params } Description ----------- Unlock 'anonymousAuthentication' section for the 'MySite' being created by the New-CaccaIISWebsite command. Equivalent to: Unlock-CaccaIISAnonymousAuth #> [CmdletBinding()] param ( [Parameter(Mandatory, ParameterSetName='Path', ValueFromPipeline)] [ValidateNotNullOrEmpty()] [string] $SectionPath, [Parameter(Mandatory, ParameterSetName='Config', ValueFromPipeline)] [ValidateNotNullOrEmpty()] [Microsoft.Web.Administration.ConfigurationSection] $Section, [string] $Location, [switch] $Commit ) begin { Set-StrictMode -Version Latest Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState $callerEA = $ErrorActionPreference $ErrorActionPreference = 'Stop' if (!$PSBoundParameters.ContainsKey('Commit')) { $Commit = $true } } process { try { if ($Commit) { Start-IISCommitDelay } $sectionConfig = if ($Section) { $Section } else { Get-IISConfigSection $SectionPath -Location $Location } $sectionConfig.OverrideMode = 'Allow' if ($Commit) { Stop-IISCommitDelay } } catch { Write-Error -ErrorRecord $_ -EA $callerEA } } } # .\IISConfigUnlock\public\Unlock-IISWindowsAuth.ps1 function Unlock-IISWindowsAuth { <# .SYNOPSIS Unlocks the 'windowsAuthentication' web.config section so that a website/application can include this section in it's own web.config .DESCRIPTION Unlocks the 'windowsAuthentication' web.config section so that a website/application can include this section in it's own web.config Specific section unlocked: 'system.webServer/security/authentication/windowsAuthentication' .PARAMETER Location The logic path of a website that can now include this section in it's web.config .PARAMETER Minimum Only allow an application to configure: * whether Windows authentication is enable/disabled * extended protection .PARAMETER Commit Save changes to IIS immediately? Defaults to true .EXAMPLE Unlock-CaccaIISWindowsAuth Description ----------- Unlock 'windowsAuthentication' section for all websites .EXAMPLE Unlock-CaccaIISWindowsAuth -Location MyWebsite Description ----------- Unlock 'windowsAuthentication' section specifically for 'MyWebsite' and all child web application in this site .EXAMPLE Unlock-CaccaIISWindowsAuth -Location MyWebsite/MyApp Description ----------- Unlock 'windowsAuthentication' section specifically for 'MyApp' web application within 'MyWebsite' site .EXAMPLE New-CaccaIISWebsite MySite -Config { Unlock-CaccaIISWindowsAuth -Location $_.Name -Commit:$false } Description ----------- Unlock 'windowsAuthentication' section for the 'MySite' being created by the New-CaccaIISWebsite command #> [CmdletBinding()] param ( [string] $Location, [switch] $Minimum, [switch] $Commit ) begin { Set-StrictMode -Version Latest Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState $callerEA = $ErrorActionPreference $ErrorActionPreference = 'Stop' if (!$PSBoundParameters.ContainsKey('Commit')) { $Commit = $true } } process { try { if ($Commit) { Start-IISCommitDelay } $winAuthConfig = Get-IISConfigSection ` 'system.webServer/security/authentication/windowsAuthentication' ` -Location $Location $winAuthConfig.OverrideMode = 'Allow' if ($Minimum) { $winAuthConfig.SetMetadata('lockAllAttributesExcept', 'enabled') $winAuthConfig.SetMetadata('lockAllElementsExcept', 'extendedProtection') } if ($Commit) { Stop-IISCommitDelay } } catch { Write-Error -ErrorRecord $_ -EA $callerEA } } } Write-Verbose 'Importing from [C:\MyProjects\IISConfigUnlock\IISConfigUnlock\classes]' |