How To: Change Application Pool Identity Programmatically
A few days back I was thinking about how a system administrator keeps the same settings on all of his thousand-plus servers. He certainly wouldn't go to each and every server and create a new virtual directory or application pool by hand. He would have a script that replicates the settings on every server.
So I thought, why not write some ASP.NET 2.0 code that could be used as a starter by anyone interested in doing the same? So here I am with my new blog.
Before I start, please take a few minutes to go through this MSDN article. I know it would take days to go through every metabase property, but take a few minutes to add this article to your favorites :)
IIS Metabase Properties
https://msdn2.microsoft.com/en-us/library/ms525644.aspx
I started my application intending to focus mainly on changing the application pool identity programmatically, but I have also included a few basic operations such as creating/deleting and starting/stopping the application pool. So here goes my code. Create a new ASP.NET 2.0 website and add these lines of code to the code-behind.
    using System;                    // EventArgs, Environment
    using System.DirectoryServices;  // add a reference to System.DirectoryServices.dll

    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //Initialize the metabase path
            string metabasePath = "IIS://localhost/W3SVC/AppPools";
            //Specify the name for your application pool
            string appPoolName = "testAppPool";
            //Specify the identity that will run the application pool
            //(specify a domain account as domain\username)
            string appPoolUser = "User1";
            //Specify the password for the user
            //(sample value only; do not keep a real password in source code)
            string appPoolPass = "Password1";

            DirectoryEntry pool1;
            DirectoryEntry apppools = new DirectoryEntry(metabasePath);
            pool1 = apppools.Children.Find(appPoolName, "IIsApplicationPool");

            /*Change Application Pool Identity*/
            //3 = run as the specific user given in WAMUserName/WAMUserPass
            pool1.InvokeSet("AppPoolIdentityType", new Object[] { 3 });
            //If you are using a local account
            pool1.InvokeSet("WAMUserName", new Object[] { Environment.MachineName + @"\" + appPoolUser });
            pool1.InvokeSet("WAMUserPass", new Object[] { appPoolPass });

            /*Commit changes*/
            pool1.CommitChanges();
        }
    }
That's it!!! Go ahead and check the IIS admin to make sure that the identity is set to run under the desired user. :)
THINGS THAT NEED TO BE TAKEN CARE OF:
- Make a copy of the metabase before making any changes.
- Make sure that the identity running the application has the necessary permissions to access the metabase; generally it should be an Administrator account.
- Make sure that the identity that you are using is a member of the IIS_WPG group.
A FEW MORE TIPS:
I need to:
- Create a new application pool
    pool1 = apppools.Children.Add(appPoolName, "IIsApplicationPool");
- Start an application pool
    pool1.Invoke("start", new object[] { });
- Stop an application pool
    pool1.Invoke("stop", new object[] { });
- Delete an application pool
    apppools.Children.Remove(pool1);
  Note: Make sure to find the application pool first, and be sure not to commit changes after removing it.
- Change Recycle Worker Process (in minutes)
    pool1.InvokeSet("PeriodicRestartTime", new Object[] { 2400 });
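Added example (not the original author's code): a console version of the same change for scripted rollout, which checks the IIS_WPG membership from the checklist above, finds or creates the pool, takes the password from a prompt instead of source code, and reads the identity back after the commit. The program name, its arguments, and the use of the WinNT provider's IsMember call for a local account are assumptions of this example.

```csharp
// Added example; program name, arguments and the IIS_WPG pre-check are assumptions.
using System;
using System.DirectoryServices;
using System.Text;

class SetAppPoolIdentity
{
    // Read the password without echo so it never sits in source code or on screen.
    static string ReadPassword()
    {
        StringBuilder sb = new StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else sb.Append(key.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }

    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: SetAppPoolIdentity <pool> <localUser>"); return 2; }
        string poolName = args[0], machine = Environment.MachineName;
        string account = machine + @"\" + args[1];
        // Checklist item: the identity must be a member of IIS_WPG.
        using (DirectoryEntry wpg = new DirectoryEntry("WinNT://" + machine + "/IIS_WPG,group"))
        {
            bool member = (bool)wpg.Invoke("IsMember", new object[] { "WinNT://" + machine + "/" + args[1] });
            if (!member) { Console.Error.WriteLine(account + " is not in IIS_WPG"); return 1; }
        }
        string root = "IIS://localhost/W3SVC/AppPools";
        using (DirectoryEntry pools = new DirectoryEntry(root))
        using (DirectoryEntry pool = DirectoryEntry.Exists(root + "/" + poolName)
            ? pools.Children.Find(poolName, "IIsApplicationPool")
            : pools.Children.Add(poolName, "IIsApplicationPool"))
        {
            Console.Write("Password for " + account + ": ");
            string pass = ReadPassword();
            pool.InvokeSet("AppPoolIdentityType", new object[] { 3 }); // 3 = specific user
            pool.InvokeSet("WAMUserName", new object[] { account });
            pool.InvokeSet("WAMUserPass", new object[] { pass });
            pool.CommitChanges();
            pool.RefreshCache();
            // Read back what the metabase now holds; the password is never printed.
            Console.WriteLine("{0}: type={1}, user={2}", poolName,
                pool.Properties["AppPoolIdentityType"].Value, pool.Properties["WAMUserName"].Value);
        }
        return 0;
    }
}
```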
Please let me know if I have missed something, any feedback appreciated!
Have fun coding!!!