-----------------------------------------------------------
New Message on BDOTNET
-----------------------------------------------------------
From: LovedJohnySmith
Message 4 in Discussion
Bhanu: You can use the System.DirectoryServices namespace classes for this.
But everything depends on what you call remote computer (intranet internet).
DirectoryEntry IIS; IIS = new DirectoryEntry("IIS://Class1", "administrator",
"class1password",
AuthenticationTypes.Secure) ; Okay, let me try to explain in clear.
If you connect using Internet Information Services snap-in, and you don't
"connect as", you are using the credentials of the current logon user to
authenticate. When these credentials are not valid, you will get challenged,
that is you are presented a dialog box with a title "Access Denied", and you
can supply the correct credentials. Note that the local IIS Admin doesn't use
IIS Admin Objects to connect to the remote server, it simply uses RPC's over
SMB protocol, just like all other management tools in NT (performance manager,
computer management etc...) When you connect using IIS Admin Objects (IIS ADSI
provider)from a remote client, you can't specify explicit credentials, the
program must run with the credentials valid to manipulate the metabase on the
remote server. That means that the user running this program must be an
account with "administrative" privileges on the IIS server (unless you changed
the master operators property settings of IIS), with the same password as this
account on the remote server.
Consider the following C# program:
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
class IISAdmin{
public static void Main() {
DirectoryEntry Root = new DirectoryEntry("IIS://serverA/w3svc/1");
// Following will not work, whatever credentials you specify, unless the user
running this as the
// same credentials as the IIS administrator of serverB
// new DirectoryEntry("IIS://serverA/w3svc/1", "username", "password);
foreach(DirectoryEntry de in Root.Children) {
try {
Console.WriteLine(de.Properties["ServerComment"].Value);
}
catch(COMException e)
{ // catch no such property and continue
if(e.ErrorCode != -2147463162){
continue;
}
}
}
Root.Dispose();
}
}
Say you have Server A running IIS, Server B running this program.
Say you have on A an account named "IISADMIN" with pwd "IISPWD" and this
account is member of the administrators alias on A, and on
serverB the same account named "IISADMIN" with pwd "IISPWD"
When you run this program, in a logon session as "IISADMIN", password="IISPWD",
the program will succeed.
Anything else will fail with "Access Denied".
Another thing to remember is when using ADSI over the internet, you need to
open port 135 at the firewalls..... (no single firewall admin worth his salt
would ever do this). Thanx, Smith
-----------------------------------------------------------
To stop getting this e-mail, or change how often it arrives, go to your E-mail
Settings.
http://groups.msn.com/bdotnet/_emailsettings.msnw
Need help? If you've forgotten your password, please go to Passport Member
Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help
For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact
If you do not want to receive future e-mail from this MSN group, or if you
received this message by mistake, please click the "Remove" link below. On the
pre-addressed e-mail message that opens, simply click "Send". Your e-mail
address will be deleted from this group's mailing list.
mailto:[EMAIL PROTECTED]
