IIS Shared Configuration?

[wasabii]

Any interest in this? I have a module as part of my own DSC pack I could contribute. It uses the Enable-IisSharedConfig PowerShell cmdlets to set it up and keep it up to date.

[WilliamSaxton]

Hi wasabii I'm currently working on a project that requires this functionality. Id be extremely interested in seeing this added :)

[LiquoriChris]

I would also be interested in seeing this. We recently deployed our first shared config. Pulling this and centralized cert store into the DSC would be pretty cool.

[wasabii]

`

[DscResource()]
class cIISSharedConfig
{

[DscProperty(Key)]
[string]$Name

[DscProperty(Mandatory)]
[Ensure]$Ensure

[DscProperty(Mandatory)]
[string]$PhysicalPath

[DscProperty()]
[PSCredential]$UserCredential

[DscProperty(Mandatory)]
[string]$KeyEncryptionPassword

[DscProperty()]
[bool]$DontCopyRemoteKeys = $false

<#
	This method returns a hashtable with the current IIS shared configuration information.
#>
[Hashtable] GetIISSharedConfig()
{
	$c = ConvertFrom-StringData ((Get-IISSharedConfig) -join "`r`n").Replace('\', '\\')
	
	return @{
		Enabled = $c['Enabled'] -eq 'True'
		PhysicalPath = $c['Physical Path']
		UserName = $c['UserName']
	}
}

<#
	Enables the IIS shared configuration.
#>
[Hashtable] EnableIISSharedConfig(
	[string]$PhysicalPath, 
	[PSCredential]$UserCredential, 
	[SecureString]$KeyEncryptionPassword, 
	[bool]$DontCopyRemoteKeys)
{
    if (!($PhysicalPath)) {
        throw 'PhysicalPath required.';
    }

    if (!($KeyEncryptionPassword)) {
        throw 'KeyEncryptionPassword required.';
    }

	$c = $this.GetIISSharedConfig()
	if ($c) {
		Write-Verbose 'Enabling IIS Shared Configuration...'
        if ($UserCredential) {
		    Enable-IISSharedConfig `
			    -PhysicalPath $PhysicalPath `
			    -UserName $UserCredential.UserName `
			    -Password (ConvertTo-SecureString -AsPlainText -Force $UserCredential.GetNetworkCredential().Password) `
			    -KeyEncryptionPassword $KeyEncryptionPassword `
			    -Force
        } else {
            Enable-IISSharedConfig `
			    -PhysicalPath $PhysicalPath `
			    -KeyEncryptionPassword $KeyEncryptionPassword `
			    -Force
        }
		$c = $this.GetIISSharedConfig()
	}

	return $c
}

<#
	Disables the IIS shared configuration.
#>
[Hashtable] DisableIISSharedConfig()
{
	$c = $this.GetIISSharedConfig();
	if ($c) {
		Write-Verbose 'Disabling IIS Shared Configuration...'
		Disable-IISSharedConfig
		$c = $this.GetIISSharedConfig();
	}
	
	return $c
}

[cIISSharedConfig] Get()
{
	$c = $this.GetIISSharedConfig();
	$this.Ensure = if ($c.Enabled) { [Ensure]::Present } else { [Ensure]::Absent }
	$this.PhysicalPath = $c.PhysicalPath
	return $this
}

[void] Set()
{
	if ($this.Ensure -eq [Ensure]::Present)
	{
		$c = $this.GetIISSharedConfig()
		$cEnabled = $c.Enabled
		$cPhysicalPath = $c.PhysicalPath -eq $this.PhysicalPath
		$cUserName = if ($this.UserCredential) { $c.UserName -eq $this.UserCredential.UserName } else { [string]::IsNullOrEmpty($c.UserName) }

		# check whether any properties are different from current state
		if (!$cEnabled -or !$cPhysicalPath -or !$cUserName)
		{
			$c = $this.EnableIISSharedConfig(
				$this.PhysicalPath,
				$this.UserCredential,
				(ConvertTo-SecureString -AsPlainText -Force $this.KeyEncryptionPassword),
				$this.DontCopyRemoteKeys)
			if (!$c.Enabled) {
				throw "Could not enable IIS Shared Configuration."
			}
		}
	}

	if ($this.Ensure -eq [Ensure]::Absent)
	{
		$c = $this.GetIISSharedConfig()
		if ($c.Enabled) {
			$c = $this.DisableIISSharedConfig()
			if ($c.Enabled) {
				throw "Could not disable IIS Shared Configuration."
			}
		}
	}
}

[bool] Test()
{
	$c = $this.GetIISSharedConfig()

	if ($this.Ensure -eq [Ensure]::Present)
	{
		if ($c.Enabled -ne $true) {
			Write-Verbose "Enabled != True"
			return $false
		}

		if ($c.PhysicalPath -ne $this.PhysicalPath) {
			Write-Verbose "PhysicalPath != $($this.PhysicalPath)"
			return $false
		}

        if ($this.UserCredential) {
		    if ($c.UserName -ne $this.UserCredential.UserName) {
			    Write-Verbose "UserName != $($this.UserCredential.UserName)"
			    return $false;
		    }
        }
	}

	if ($this.Ensure -eq [Ensure]::Absent)
	{
		if ($c.Enabled -ne $false) {
			Write-Verbose "Enabled != False"
			return $false;
		}
	}

	return $true
}

}
`

[wasabii]

So, the above worked. But, I'm going to change it up. I'm using Get-IISSharedConfig, Enable-IISSharedCOnfig, etc. These commands are available only on 2016, apparently.

[whytoe]

Any updated on this one?

[johlju]

I labeled this as resource proposal and help wanted so that someone in the community can ran with this.

[kamidon74]

So how is this one doing?

[markatdxb]

Hello, any update by chance on this one ? thanks

[johlju]

The community has not sent in a PR that add this functionality.