[Sample of Feb 24th] Change AppPool identity programmatically in Windows Azure

 


Sample Download: https://code.msdn.microsoft.com/CSAzureChangeAppPoolIdentit-27099828

Today's code sample demonstrates changing the AppPool identity programmatically in Windows Azure. Most customers test their applications' connections to cloud entities such as storage, SQL Azure, and AppFabric services in the compute emulator environment. If the customer's machine is behind a proxy that does not allow traffic from non-authenticated users, their connections fail. One workaround is to change the application identity. This cannot be done manually in the Azure scenario, since the app pool is created by Azure when it is actually running the service. Hence, the Microsoft All-In-One Code Framework provides this sample, which customers can use to change the AppPool identity programmatically.

The sample was written by the Microsoft Escalation Engineer Narahari Dogiparthi.

You can find more code samples that demonstrate the most typical programming scenarios by using the Microsoft All-In-One Code Framework Sample Browser or the Sample Browser Visual Studio extension. They give you the flexibility to search samples, download samples on demand, manage the downloaded samples in a centralized place, and be notified automatically about sample updates. If this is the first time you have heard about the Microsoft All-In-One Code Framework, please watch the introduction video on Microsoft Showcase, or read the introduction on our homepage https://1code.codeplex.com/.

 

Introduction

Most customers test their applications' connections to cloud entities such as storage, SQL Azure, and AppFabric services in the compute emulator environment. If the customer's machine is behind a proxy that does not allow traffic from non-authenticated users, their connections fail. One workaround is to change the application identity. This cannot be done manually in the Azure scenario, since the app pool is created by Azure when it is actually running the service. Hence, I have written a sample that customers can use to change the AppPool identity programmatically.

Lots of customers ask about this in the Windows Azure forum. Here are some of the threads:
https://social.msdn.microsoft.com/Forums/en/windowsazuretroubleshooting/thread/6998b90a-64e3-401c-aa89-06641dbaec27  
https://social.msdn.microsoft.com/Forums/en-GB/windowsazureconnectivity/thread/ea791e1c-d9a0-4673-b519-5269d11cf8e3

 

Building the Sample

This sample needs to be configured with the site name and the domain user/password before running it.

Under the OnStart() method, you will find the three variables shown below. These three variables need to be configured by the user before running the sample.

// Name of the site. Default name Azure gives to website is "Web". If this is changed,
// you would need to assign the name of the site to siteName variable. This can be
// obtained from the ServiceDefinition.csdef file.
var siteName = "Web"; 
  
// Please change the domain\user to domain account that you would like to configure 
// for AppPool to run under 
var userName = @"Domain\user";   
  
// Password of the above specified domain user 
var password = "********"; //***This must be changed  

For non-Azure scenarios, one additional step is needed. Under the OnStart() method, locate the line of code below.

 //Get the name of the appPool that is created by Azure 
appPoolName = serverManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_" + siteName].Applications.First().ApplicationPoolName; 

 

Running the Sample

Configure the variables as described in the "Building the Sample" section, and then run the sample by pressing F5 in VS, or build the sample and run the exe. Once you have confirmed that the sample is working, take the code from the OnStart() method and incorporate it into your actual application.

 

Using the Code

Add references to the Microsoft.Web.Administration (location: <systemdrive>\system32\inetsrv) and System.DirectoryServices (location: .NET Framework installation directory) assemblies, and add the using statements below to your project.

using System.Linq;                            // First()
using Microsoft.Web.Administration;
using Microsoft.WindowsAzure.ServiceRuntime;  // RoleEnvironment
using System.DirectoryServices;

The following code gets the AppPool using the given parameters and changes its identity to the configured user.

public override bool OnStart()
{
    // Name of the site. Default name Azure gives to website is "Web". If this is changed,
    // you would need to assign the name of the site to siteName variable. This can be
    // obtained from the ServiceDefinition.csdef file.
    var siteName = "Web";

    // Please change the domain\user to domain account that you would like to configure
    // for AppPool to run under
    var userName = @"Domain\user";

    // Password of the above specified domain user
    var password = "********"; //***This must be changed

    // This variable is used to iterate through list of Application pools
    var metabasePath = "IIS://localhost/W3SVC/AppPools";

    // This variable is to get the name of AppPool that is created by Azure for current Azure service
    var appPoolName = "";

    using (ServerManager serverManager = new ServerManager())
    {
        // Get the name of the appPool that is created by Azure
        appPoolName = serverManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_" + siteName].Applications.First().ApplicationPoolName;
    }

    // Get list of appPools at specified metabasePath location
    using (DirectoryEntry appPools = new DirectoryEntry(metabasePath))
    {
        // From the list of appPools, search and get the appPool that is created by Azure
        using (DirectoryEntry azureAppPool = appPools.Children.Find(appPoolName, "IIsApplicationPool"))
        {
            if (azureAppPool != null)
            {
                // Set the AppPoolIdentityType to 3. This is equivalent to MD_APPPOOL_IDENTITY_TYPE_SPECIFICUSER -
                // The application pool runs as a specified user account.
                // Refer to:
                // https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/e3a60d16-1f4d-44a4-9866-5aded450956f.mspx?mfr=true,
                // https://learn.iis.net/page.aspx/624/application-pool-identities/
                // for more info on AppPoolIdentityType
                azureAppPool.InvokeSet("AppPoolIdentityType", new Object[] { 3 });

                // Configure username for the AppPool with above specified username
                azureAppPool.InvokeSet("WAMUserName", new Object[] { userName });

                // Configure password for the AppPool with above specified password
                azureAppPool.InvokeSet("WAMUserPass", new Object[] { password });

                // Write above settings to IIS metabase
                azureAppPool.Invoke("SetInfo", null);

                // Commit the above configuration changes that are written to metabase
                azureAppPool.CommitChanges();
            }
        }
    }

    return base.OnStart();
}
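
The same identity change can also be made through the Microsoft.Web.Administration ServerManager API that the sample already uses to look up the pool name, with the credentials read from the role's configuration settings instead of being compiled into the assembly. This is an added example, not code from the original sample; the setting names AppPoolUserName and AppPoolPassword are hypothetical, and it assumes the role runs with enough privilege to modify IIS configuration.

```csharp
using System;
using System.Linq;
using Microsoft.Web.Administration;
using Microsoft.WindowsAzure.ServiceRuntime;

public class WebRole : RoleEntryPoint
{
    // Hypothetical setting names (assumption): declare them in the service
    // definition and supply the values in the service configuration.
    private const string UserSetting = "AppPoolUserName";
    private const string PasswordSetting = "AppPoolPassword";

    public override bool OnStart()
    {
        var siteName = "Web"; // default site name, as in the sample above
        var userName = RoleEnvironment.GetConfigurationSettingValue(UserSetting);
        var password = RoleEnvironment.GetConfigurationSettingValue(PasswordSetting);

        // Fail the role start rather than leave the pool half-configured.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            throw new InvalidOperationException("App pool credentials are not configured.");

        using (var serverManager = new ServerManager())
        {
            var site = serverManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_" + siteName];
            if (site == null)
                throw new InvalidOperationException("Site not found: " + siteName);

            var appPoolName = site.Applications.First().ApplicationPoolName;
            var pool = serverManager.ApplicationPools[appPoolName];
            if (pool == null)
                throw new InvalidOperationException("App pool not found: " + appPoolName);

            // SpecificUser is the ServerManager counterpart of AppPoolIdentityType 3.
            pool.ProcessModel.IdentityType = ProcessModelIdentityType.SpecificUser;
            pool.ProcessModel.UserName = userName;
            pool.ProcessModel.Password = password;

            // Persist the change to the IIS configuration.
            serverManager.CommitChanges();
        }

        return base.OnStart();
    }
}
```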

 

More Information

For more information on AppPoolIdentityTypes refer to

AppPoolIdentityType Metabase Property (IIS 6.0)

Application Pool Identities