
Feature: #241 Anonymous authentication #408

Open
wants to merge 9 commits into
base: main
from
112 changes: 111 additions & 1 deletion DSCResources/MSFT_xWebsite/MSFT_xWebsite.psm1
Expand Up @@ -40,6 +40,7 @@ data LocalizedData
VerboseSetTargetWebsiteStarted = Successfully started website "{0}".
VerboseSetTargetWebsiteRemoved = Successfully removed website "{0}".
VerboseSetTargetAuthenticationInfoUpdated = Successfully updated AuthenticationInfo on website "{0}".
VerboseSetTargetAnonymousCredentialsUpdated = Successfully updated AnonymousCredentials on website "{0}".
VerboseSetTargetWebsitePreloadUpdated = Successfully updated Preload on website "{0}".
VerboseSetTargetWebsiteAutoStartUpdated = Successfully updated AutoStart on website "{0}".
VerboseSetTargetWebsiteAutoStartProviderUpdated = Successfully updated AutoStartProvider on website "{0}".
Expand All @@ -65,6 +66,7 @@ data LocalizedData
VerboseTestTargetFalsePreload = Preload for website "{0}" do not match the desired state.
VerboseTestTargetFalseAutoStart = AutoStart for website "{0}" do not match the desired state.
VerboseTestTargetFalseAuthenticationInfo = AuthenticationInfo for website "{0}" is not in the desired state.
VerboseTestTargetFalseAnonymousCredentials = AnonymousCredentials for website "{0}" is not in the desired state.
VerboseTestTargetFalseIISAutoStartProvider = AutoStartProvider for IIS is not in the desired state
VerboseTestTargetFalseWebsiteAutoStartProvider = AutoStartProvider for website "{0}" is not in the desired state
VerboseTestTargetFalseLogPath = LogPath does not match desired state on Website "{0}".
Expand Down Expand Up @@ -138,6 +140,7 @@ function Get-TargetResource
Select-Object Name,Type

[Array] $cimLogCustomFields = ConvertTo-CimLogCustomFields -InputObject $website.logFile.customFields.Collection
$anonymousCredentials = Get-AnonymousCredentials -Site $Name
}
# Multiple websites with the same name exist. This is not supported and is an error
else
Expand All @@ -160,6 +163,7 @@ function Get-TargetResource
DefaultPage = $allDefaultPages
EnabledProtocols = $website.EnabledProtocols
AuthenticationInfo = $cimAuthentication
AnonymousCredentials = $anonymousCredentials
PreloadEnabled = $website.applicationDefaults.preloadEnabled
ServiceAutoStartProvider = $website.applicationDefaults.serviceAutoStartProvider
ServiceAutoStartEnabled = $website.applicationDefaults.serviceAutoStartEnabled
Expand Down Expand Up @@ -229,6 +233,9 @@ function Set-TargetResource
[Microsoft.Management.Infrastructure.CimInstance]
$AuthenticationInfo,

[Microsoft.Management.Infrastructure.CimInstance]
$AnonymousCredentials,

[Boolean]
$PreloadEnabled,

Expand Down Expand Up @@ -526,6 +533,15 @@ function Set-TargetResource
-f $Name)
}

if($PSBoundParameters.ContainsKey('AnonymousCredentials') -and `
(Test-AuthenticationEnabled -Site $Name -Type 'Anonymous' ) -and `
( -not (Test-AnonymousCredentials -Site $Name -Credentials $AnonymousCredentials)))
{
Set-AnonymousAuthenticationCredentials -Site $Name -Credentials $AnonymousCredentials -ErrorAction Stop
Write-Verbose -Message ($LocalizedData.VerboseSetTargetAnonymousCredentialsUpdated `
-f $Name)
}

# Update Preload if required
if ($PSBoundParameters.ContainsKey('preloadEnabled') -and `
($website.applicationDefaults.preloadEnabled -ne $PreloadEnabled))
Expand Down Expand Up @@ -747,6 +763,9 @@ function Test-TargetResource
[Microsoft.Management.Infrastructure.CimInstance]
$AuthenticationInfo,

[Microsoft.Management.Infrastructure.CimInstance]
$AnonymousCredentials,

[Boolean]
$PreloadEnabled,

Expand Down Expand Up @@ -891,7 +910,14 @@ function Test-TargetResource
-AuthenticationInfo $AuthenticationInfo)))
{
$inDesiredState = $false
Write-Verbose -Message ($LocalizedData.VerboseTestTargetFalseAuthenticationInfo)
Write-Verbose -Message ($LocalizedData.VerboseTestTargetFalseAuthenticationInfo -f $Name)
}

if($PSBoundParameters.ContainsKey('AnonymousCredentials') -and `
(-not (Test-AnonymousCredentials -Site $Name -Credentials $AnonymousCredentials)))
{
$inDesiredState = $false
Write-Verbose -Message ($LocalizedData.VerboseTestTargetFalseAnonymousCredentials -f $Name)
}

#Check Preload
Expand Down Expand Up @@ -2234,6 +2260,90 @@ function Update-WebsiteBinding
}
}


function Test-AnonymousCredentials
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[String]$Site,
[Microsoft.Management.Infrastructure.CimInstance]
$Credentials
)

$currentCredentials = Get-AnonymousCredentials -Site $Site

if($currentCredentials -eq $null)
{
return $false
}

($currentCredentials.UserName -eq $Credentials.UserName) -and ($currentCredentials.Password -eq $Credentials.Password)
}
<#
.SYNOPSIS
Helper function to extract credentials for anonymous authentication

.PARAMETER Site
Specifies the name of the Website.
#>
function Get-AnonymousCredentials
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[String]$Site
)
$anonymousAuthentication = Get-WebConfiguration -Filter 'system.webServer/security/authentication/anonymousAuthentication' -PSPath "IIS:\Sites\$Site"
if($anonymousAuthentication.enabled)
{
New-CimInstance -ClassName MSFT_xWebAnonymousAuthenticationCredentials `
-ClientOnly `
-Property @{
UserName = ConvertTo-NotNullString -Value $anonymousAuthentication.userName
Password = ConvertTo-NotNullString -Value $anonymousAuthentication.password
}
}
}
<#
.SYNOPSIS
Helper function used to set credentials for anonymous authentication
.PARAMETER Site
Specifies the name of the Website.
.PARAMETER Credentials
A CimInstance of what state the Credentials should be
#>
function Set-AnonymousAuthenticationCredentials
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $true)]
[String]$Site,

[Microsoft.Management.Infrastructure.CimInstance]
$Credentials
)
$anonymousAuthenticationConfigurationPath = 'system.webServer/security/authentication/anonymousAuthentication'
Set-WebConfigurationProperty -Location $Site -Filter $anonymousAuthenticationConfigurationPath -Name 'userName' -Value $Credentials.UserName
Set-WebConfigurationProperty -Location $Site -Filter $anonymousAuthenticationConfigurationPath -Name 'password' -Value $Credentials.Password
}

function ConvertTo-NotNullString
{
param (
[string] $Value
)
if([string]::IsNullOrEmpty($Value))
{
return [string]::Empty
}else{
return $Value
}
}

#endregion

Export-ModuleMember -Function *-TargetResource
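Review bot: Test-TargetResource and Set-TargetResource disagree about when AnonymousCredentials applies: the new Test-TargetResource check calls Test-AnonymousCredentials unconditionally, and that helper returns `$false` whenever Get-AnonymousCredentials yields nothing (anonymous authentication disabled), while the Set-TargetResource branch only runs if `Test-AuthenticationEnabled -Site $Name -Type 'Anonymous'` is true. With anonymous authentication left off, the resource would report drift on every run and never correct it; adding the same `(Test-AuthenticationEnabled -Site $Name -Type 'Anonymous') -and` guard to the Test-TargetResource condition (or dropping it from Set) makes the two agree. The comparison is also one-sided about empty values: Get-AnonymousCredentials passes the current userName and password through ConvertTo-NotNullString, but `$Credentials.UserName` and `$Credentials.Password` are compared raw, so an unset desired field appears never to equal a stored empty string. The bodies of Set-TargetResource and Test-TargetResource start outside the hunks shown. Test-AnonymousCredentials is the only new helper without a comment-based help block, and its `.SYNOPSIS` should say that it returns `$false` when anonymous authentication is disabled.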
8 changes: 8 additions & 0 deletions DSCResources/MSFT_xWebsite/MSFT_xWebsite.schema.mof
Expand Up @@ -21,6 +21,13 @@ class MSFT_xWebAuthenticationInformation
[Write] Boolean Windows;
};

[ClassVersion("1.0.0")]
class MSFT_xWebAnonymousAuthenticationCredentials
{
[Write] String UserName;
[Write] String Password;
};

[ClassVersion("1.0.0")]
class MSFT_xLogCustomFieldInformation
{
Expand All @@ -42,6 +49,7 @@ class MSFT_xWebsite : OMI_BaseResource
[Write] String DefaultPage[];
[Write] String EnabledProtocols;
[write, EmbeddedInstance("MSFT_xWebAuthenticationInformation"), Description("Hashtable containing authentication information (Anonymous, Basic, Digest, Windows)")] String AuthenticationInfo;
[write, EmbeddedInstance("MSFT_xWebAnonymousAuthenticationCredentials"), Description("Credentials for Anonymous authentication")] String AnonymousCredentials;
[Write, Description ("Allows the Website to automatically start without a request")] Boolean PreloadEnabled;
[Write, Description ("Enables Autostart on a Website.")] Boolean ServiceAutoStartEnabled;
[Write, Description ("Adds a AutostartProvider")] String ServiceAutoStartProvider;
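Review bot: `[Write] String Password;` in MSFT_xWebAnonymousAuthenticationCredentials carries the anonymous account's password as a plain string, so it ends up in clear text in the compiled configuration MOF and in any configuration script that sets it. The usual DSC pattern for a secret is a credential property such as `[Write, EmbeddedInstance("MSFT_Credential")] String Credential;` bound to a `[PSCredential]` parameter, which allows the value to be encrypted with the node certificate. Get-AnonymousCredentials in the .psm1 also returns the stored password through Get-TargetResource, which should be reconsidered in the same change. The MSFT_xWebsite class body continues outside the hunk.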