将应用程序池的标识设置为Azure中的LocalSystem

Question

有没有办法在ServiceDefinition.csdef或其他位置执行此操作，而无需转到IIS并手动进行调整？

我试过executionContext="elevated"用于卷轴，不起作用。

UPDATE

如果您安装了 “IIS 6元数据库兼容性” 在Azure上IIS，我如下所示会消失的错误。

这引发了另一个问题，即如何在Azure的部署阶段自动安装“IIS 6元数据库兼容性”。

---

@astaykov，我想发表评论，但低于太大的代码，所以我用这个地方。

我用写韦德瓦格纳一样的代码：在appPoolName

public override bool OnStart() 
     { 
      // http://code.msdn.microsoft.com/windowsazure/CSAzureChangeAppPoolIdentit-27099828 
      // This variable is used to iterate through list of Application pools 
      string metabasePath = "IIS://localhost/W3SVC/AppPools"; 
      string appPoolName; 
      using (ServerManager serverManager = new ServerManager()) 
      { 
       //Get the name of the appPool that is created by Azure 
       appPoolName = serverManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_Web"].Applications.First().ApplicationPoolName; 
       // Get list of appPools at specified metabasePath location 
       using (DirectoryEntry appPools = new DirectoryEntry(metabasePath)) 
       { 
        // From the list of appPools, Search and get the appPool that is created by Azure 
        using (DirectoryEntry azureAppPool = appPools.Children.Find(appPoolName, "IIsApplicationPool")) 
        { 
         if (azureAppPool != null) 
         { 
          // Refer to: 
          // http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/e3a60d16-1f4d-44a4-9866-5aded450956f.mspx?mfr=true, 
          // http://learn.iis.net/page.aspx/624/application-pool-identities/ 
          // for more info on AppPoolIdentityType 
          azureAppPool.InvokeSet("AppPoolIdentityType", new Object[] { 0 }); // MD_APPPOOL_IDENTITY_TYPE_LOCALSYSTEM 
          // Write above settings to IIS metabase 
          azureAppPool.Invoke("SetInfo", null); 
          // Commit the above configuration changes that are written to metabase 
          azureAppPool.CommitChanges(); 
         } 
        } 
       } 
      } 
      RoleInRun = true; 
      TaskInRun = false; 
      return base.OnStart(); 
     } 

我能分辩值，但在这里发生了错误： using (DirectoryEntry azureAppPool = appPools.Children.Find(appPoolName, "IIsApplicationPool"))

我无处不在，但仍在寻找解决方案找不到线索 从IIS事件下面的错误：

Application: WaIISHost.exe 
Framework Version: v4.0.30319 
Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Runtime.InteropServices.COMException 
Stack: 
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean) 
    at System.DirectoryServices.DirectoryEntry.Bind() 
    at System.DirectoryServices.DirectoryEntry.get_IsContainer() 
    at System.DirectoryServices.DirectoryEntries.Find(System.String, System.String) 
    at GimmeRank.Redirector.WebRole.OnStart() 
    at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.InitializeRoleInternal(Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleType) 
    at Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleRuntimeBridge.<InitializeRole>b__0() 
    at System.Threading.ExecutionContext.runTryCode(System.Object) 
    at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) 
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) 
    at System.Threading.ThreadHelper.ThreadStart() 

Anyideas？

Answer 1

executionContext =“elevated”只会将您的RoleEntryPoint作为本地SYSTEM帐户运行，但它不是IIS池标识。您可能想要查看this blog post by Wade Wagner。他在那里描述的内容可以在你的OnStart方法中与executionContext =“elevated”一起运行（因为只有管理员可以更改池身份）。如果这不适用于本地系统，则可以为RDP创建用户，它将添加到管理员组中，并且可以将iis应用程序池标识设置为该用户。

UPDATE

嗯，我用下面的方法（这是类似），它工作得很好：

private void SetAppPoolIdentity() 
{ 
    string appPoolUser = "myRDP_admin_user"; 
    string appPoolPass = "my_super_secure_password"; 

    Action<string> iis7fix = (appPoolName) => 
    { 
     bool committed = false; 
     while (!committed) 
     { 
      try 
      { 
       using (ServerManager sm = new ServerManager()) 
       { 
        var applicationPool = sm.ApplicationPools[appPoolName]; 
        applicationPool.ProcessModel.IdentityType = ProcessModelIdentityType.SpecificUser; 
        applicationPool.ProcessModel.UserName = appPoolUser; 
        applicationPool.ProcessModel.Password = appPoolPass; 
        sm.CommitChanges(); 
        committed = true; 
       } 
      } 
      catch (FileLoadException fle) 
      { 
       Trace.TraceError("Trying again because: " + fle.Message); 
      } 
     } 
    }; 

    // ServerManager in %WinDir%System32InetSrvMicrosoft.Web.Administration.dll 
    var sitename = RoleEnvironment.CurrentRoleInstance.Id + "_Web"; 
    var appPoolNames = new ServerManager().Sites[sitename].Applications.Select(app => app.ApplicationPoolName).ToList(); 
    appPoolNames.ForEach(iis7fix); 
} 

你能试试吗？请注意，它不适用于本地系统帐户，因为它不是真正的帐户，我们不能这样设置（至少我不知道该怎么做，但是对于RDP的特定帐户，它工作正常）。

Answer 2

创建start.cmd：

FOR /F "tokens=*" %%A IN ('%windir%/system32/inetsrv/APPCMD list wp /text:apppool.name') DO (

%systemroot%/system32/inetsrv/APPCMD set config /section:applicationPools /[name='%%A%':'].processModel.identityType:LocalSystem 

)