1

I have an IIS 8 website setup with an application within.

Using Powershell how can I get the "Physical Path Credentials Logon Type" setting (defaults to ClearText) for both the main site and the application?

What I have tried,

Setup a specific user and non default "Logon Type" for each of the applications.

(get-item IIS:\Sites\MYSITE).physicalPath (get-item IIS:\Sites\MYSITE).username (get-item IIS:\Sites\MYSITE).password

get me exactly the values I would expect but there is no "Logon Type" property available.

(get-item IIS:\Sites\MYSITE).virtualDirectoryDefaults

Shows the path,physicalPath,username and password all blank and has "logonMethod" set as the default "ClearText".

(get-item IIS:\Sites\MYSITE).Collection[0].virtualDirectoryDefaults

and

(get-item IIS:\Sites\MYSITE).Collection[1].virtualDirectoryDefaults

both show the same, the path,physicalPath,username and password all blank and the "logonMethod" is set as the default "ClearText".

Reason I want this is to add a check to a script that ensures sites meet a "settings check list", where I have been able to map all the other settings from powershell.

Improve this question

3 Answers 3

Reset to default
1

The solution is to stray from the WebAdministration module and into Microsoft.Web.Administration.ServerManager

Add-Type -AssemblyName "Microsoft.Web.Administration, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" $iis = new-object Microsoft.Web.Administration.ServerManager ($iis.Sites | where { $_.name -eq "MYSITE" }).applications[1] | select -ExpandProperty VirtualDirectories | select LogonMethod

returns

ClearText

The applications[1] indicates the second application, applications[0] is the root application.

The Add-Type version is important to avoid loading the IIS-Express server instance.

FYI because you have to create an instance of the server any changes in IIS manager are not available until you recreate that object.

Improve this answer
0

I think you stumbled upon the answer already. There doesn't seem to be an explicit property for this because the given credentials are just used to override the normal thread credentials.

You can, however, check to see if the username or password are set and create a function like this

function Get-PhysicalLogonType ($site) { if($site.username -eq '' -and $site.password -eq '') { return 'PassThrough' } return 'SpecificUser' } # ... use it somewhere in your script $site = (get-item IIS:\site\mysite) Get-PhysicalLogonType $site
Improve this answer
0

The below return the physicalPath of the VirtualDirectory and the logonMethod, I'm confident it can be done in such a way that you can target a specific "Application Directory".

Get-Item IIS:\Sites\* | Select-Object -ExpandProperty Collection | Select-Object -ExpandProperty Collection | Select-Object -Property physicalPath,logonMethod
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.