-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Support for Editing Anonymous Authentication Credentials #241
Comments
+1, this is an issue for us. |
+1 |
1 similar comment
+1 |
+1 AuthenticationInfo = `
MSFT_xWebApplicationAuthenticationInformation
{
Anonymous = $true
Basic = $false
Digest = $false
Windows = $false
} Where can I find definition of MSFT_xWebApplicationAuthenticationInformation? Does it contain other properties which could be used to provide user/password information? Or should I introduce another parameter for this functionality, something like that: AuthenticationInfo = MSFT_xWebApplicationAuthenticationInformation
{
Anonymous = $true
Basic = $false
Digest = $false
Windows = $false
};
AnonymousAuthenticationInfo = @{
User="TestUser";
Password = "secret"
} Necessary configuration sections are described here: |
@cezarypiatek Sorry that nobody answered you for so long. I think you need a new property |
I can take it. |
Awesome! I have labeled this as 'In progress'. Thanks! |
Is this a thing yet ? I really need this feature |
I've started to implement it on my fork https://github.com/cezarypiatek/xWebAdministration but I haven't had time to manage the UT. Btw I think that In the meantime I've found xIISApplicationPoolIdentityType resource which probably is the missing part. |
@cezarypiatek Agree with that those should be refactored to use helper functions, same goes for the *Defaults resource(s) too. |
I've got stuck with weird error related to CIM objects. The issue is described in related PR Can somebody help me with that? |
@johlju @kwirkykat could you help me? |
@cezarypiatek Thanks for submitting the PR for this issue. Sorry for the delay. I'll take a look at the error you're running into later tonight and reproduce in my environment. |
@regedit32 Any progress on the PR yet? |
Still waiting for a help, no response from @regedit32 so far. |
@cezarypiatek I see you have some recent commits, are you close to having a working solution? |
@twerthi I'm in the middle of adding tests for this feature in |
Any progress to report on? |
Would be great to have this. Currently using some idempotent powershell to accomplish this. |
Thanks for the reminder. I will try to get back to this on Saturday. |
I think I've finished with UT for |
Two things:
|
@cezarypiatek I think for item 2 you should have MSFT_Credential for the property Password in MSFT_xWebAnonymousAuthenticationCredentials, otherwise the password will not be encrypted. Looking at item 1 now. |
For item 1. Could it be that it does not return the correct object on this line Could this be the problem? |
@johlju so CIM fields cannot be null? |
Honestly not sure, but Get-DscConfiguration that is failing in the integration test usually fails if the return value has the wrong type. So I’m guessing it tries to access the object, but there are no objects. To test it, I would hard code an object in the code and manually run Get-DscConfiguration to see what the value can and cannot contain. 🤔 |
thanks, I will try this. |
Ok, I'm trying now to implement it using cc: @johlju |
What I meant it should return an CIM Instance of the instance We are talking about this line in the schema, right? |
I think that introducing |
Using MSFT_Credential means the credentials (password) get encrypted when the configuration is compile. This is the default, that compiling a configuration containing a MSFT_Credential requires a certificate to protect the password. Using the other instance would not be secure. So changing the property AnonymousCredentials to a MSFT_Credential would probably be the easiest. |
Is there any progress on this issue? |
This was been worked on in Pr #408. If anyone want to send in a new PR to continue this work then please do. |
After the discussion about security, I was forced to start everything from the begging. Unfortunately, I haven't had time to finish it. My current work is available on my fork. If anyone has a resource to continue it, feel free to use my work, |
@cezarypiatek Thank you for the update! 🙂 |
Not a solution to this issue, but a workaround for some: The CIS documentation suggests that the |
DSC workarounds for setting the default Anonymous Authentication Credentials username to blank. The Option 1 with WebAdministrationDSC
Option 2 with Script/xScript
|
This should be available in xWebApplication and xWebSite. It should allow setting the username/password or setting them to blank which forces it to use the Application Pool credentials.
The text was updated successfully, but these errors were encountered: