IIS Application Pool Security Hole

The other day I was automating some IIS routines such as creating and editing application pools.  I found that the user and password for the application pool can be retrieved in plain text very easily using the code below.

// Requires: using System; using System.DirectoryServices;
string serverName = Environment.MachineName;
DirectoryEntry appPools =
   new DirectoryEntry(string.Format("IIS://{0}/W3SVC/AppPools", serverName));
appPools.RefreshCache();

// Each child of the AppPools node is one application pool.
foreach (DirectoryEntry entry in appPools.Children)
{
   Console.WriteLine(
      "User: " + entry.Properties["WAMUserName"].Value +
      " Password: " + entry.Properties["WAMUserPass"].Value);
}

The above sample runs against IIS6.  The moral of the story: watch which user you use for IIS app pools.
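
An audit in the defender's direction, added here as an example and not part of the original post: it lists IIS 6 application pools that run as LocalSystem or store a configured account in the metabase, and flags accounts that are direct members of the local Administrators group. The class name, the output format and the name-only membership match are assumptions; it needs .NET 3.5 and administrator rights on the IIS 6 server.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Linq;

class AppPoolIdentityAudit  // hypothetical name, not from the original post
{
    static void Main()
    {
        string path = string.Format("IIS://{0}/W3SVC/AppPools", Environment.MachineName);

        using (var context = new PrincipalContext(ContextType.Machine))
        using (var admins = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "Administrators"))
        using (var appPools = new DirectoryEntry(path))
        {
            foreach (DirectoryEntry pool in appPools.Children)
            {
                // AppPoolIdentityType: 0 = LocalSystem, 1 = LocalService,
                // 2 = NetworkService (the IIS 6 default), 3 = configured account.
                object raw = pool.Properties["AppPoolIdentityType"].Value;
                int identityType = raw == null ? 2 : Convert.ToInt32(raw);

                if (identityType == 0)
                    Console.WriteLine("{0}: runs as LocalSystem", pool.Name);
                else if (identityType == 3)
                    Report(pool, admins);
                pool.Dispose();
            }
        }
    }

    static void Report(DirectoryEntry pool, GroupPrincipal admins)
    {
        // Only the user name is read; the stored password is never touched.
        string user = Convert.ToString(pool.Properties["WAMUserName"].Value);
        // Strip DOMAIN\ or .\ so the name can be compared with SamAccountName.
        string sam = user.Substring(user.LastIndexOf('\\') + 1);

        // Assumption: direct members only, matched on account name alone.
        bool isAdmin = admins != null && admins.Members.Any(
            p => string.Equals(p.SamAccountName, sam, StringComparison.OrdinalIgnoreCase));

        Console.WriteLine("{0}: stores credentials for {1}{2}", pool.Name, user,
            isAdmin ? " (member of local Administrators)" : "");
    }
}
```

Any pool it reports with a stored credential is one whose password the snippet above can read, so those accounts should hold no more rights than the pool needs.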

Sunday, December 30, 2007 7:43:53 PM (GMT Standard Time, UTC+00:00)

 

Dell XPS m1330 Take Two

So I decided to buy another m1330, but this time upgrade a bit.  I went for the 64GB solid state drive and the LED display.

The solid state drive is awesome; it boots up a full 15 seconds faster than my other m1330.  Finally I have a laptop that can run VMs at a decent speed off of the internal hard drive.  I also installed 64-bit Vista so now I have 4 gigs of RAM, which is nice.  Installing 64-bit Vista was an interesting task, but in the end I have everything working except the fingerprint reader application.

At first I really did not notice a difference with the LED screen but after using it for a while and then looking at the regular screen on my other m1330 I really noticed a difference.  It seems much easier on my eyes.

There was a great comment on my last post about the HDMI output.  If you right click on the volume control in the system tray and choose playback devices you can choose HDMI for audio output.

Sunday, December 30, 2007 6:59:04 PM (GMT Standard Time, UTC+00:00)

 

AccountManagement in .NET 3.5

I can’t believe it took this long to get a better way to manage users and groups through code!

There is a new namespace in .NET 3.5, System.DirectoryServices.AccountManagement, which allows easy management of users and groups via code.

The following shows how easy it is to get the local IIS_WPG group:

PrincipalContext context = new PrincipalContext(ContextType.Machine);
GroupPrincipal iisWpgGroup = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "IIS_WPG");

It used to be difficult even to find out whether a user was a member of a group.  Now there is a “Contains” on the group, and there is also LINQ, which is what I used.

var addedUser = iisWpgGroup.Members.SingleOrDefault(principal => principal.SamAccountName == "User1");

The above will return the member if they are there or null if the member is not in the group.  It is also stupid simple to add and remove members from a group.

Add Local:

iisWpgGroup.Members.Add(context, IdentityType.Name, "User1");

iisWpgGroup.Save();

Add Domain:

// "domain" is a string holding the name of the domain the user belongs to.
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain);
iisWpgGroup.Members.Add(domainContext, IdentityType.SamAccountName, "User1");

iisWpgGroup.Save();

Remove:

var user = iisWpgGroup.Members.SingleOrDefault(p => p.SamAccountName == "User1");
if (user != null)
{
   iisWpgGroup.Members.Remove(user);
   iisWpgGroup.Save();
}

Tuesday, December 04, 2007 5:16:07 PM (GMT Standard Time, UTC+00:00)

 

All content © 2008, John Luif