Automatically create a virtual directory using ADSI, ASP, and a pair of magic tricks

Virtual directory

Automate the creation of a virtual directory using ADSI, ASP, and a pair of magic tricks, Part II
Tom Moran and Jeff sandquist
February 22, 1999

We're back. The second part of this article, which is eagerly awaited, is now here. And I think you will spend the whole evening watching your cat clean yourself.

This month, Jeff sandquist and I completed our Dynamic Directory Service interface (Active directory Services interfaces, ADSI) applications. If you come a little late, there is no problem; just see part 1 of this series http://www.microsoft.com/workshop/server/asp/server012599.asp. Last month, we identified a user as a member of a privileged group. We then display a form that includes a list box with each user name in that particular group of users. This form allows us to select a user and choose permissions for the user's new virtual directory. Now we'll get the data from this form and create a new virtual directory on the Web server, define it as an application, give the option to open script permissions, and specify the appropriate permissions on the folder. Jeff Sandquist will guide us in this process.

At the end of this article, we have an important, sad announcement that makes the Earth shatter. Clinton, O.J, Clemens and everything seems pale. I'm sure the AP will notice it, but you'll see it first. Please continue reading.

In the exhibition

Last month, our table existed in a virtual directory called Servin. We can use the Internet Information Server (IIS) security environment in Iusr_<machine Name> to perform the requested operation. We need an admin identity to create the directory and specify permissions.

One way to achieve this is to migrate the Iusr_<machine name> account to the Administrators group. A better approach would be to create a new virtual directory on the Web server (we will call Servinsecure) and set it to operate in an admin environment, rather than in a iusr_<machine name> environment. Our forms will be saved in the Servin directory

The form's processor will be saved in a directory called Servinsecure. Start the Microsoft Management Console (Microsoft Management console,mmc) and then right-click the default Web site to create a new virtual directory. Select New/virtual Directory. Create a virtual directory called "Servinsecure" (without quotes). You also need to provide a physical path to a folder that was previously created in your Web server file system. Once you have created this virtual directory, right-click the newly created virtual directory on MMC and select Properties to display the virtual directory attributes.

Select the Directory Security tab, select the Edit button, and then select Enable Anonymous ... to edit the identity confirmation method for this resource. A dialog box with the title authentication methods appears. Select the Edit button, and then select Account used for Anonymous Access. A final dialog box titled Anonymous User account appears. Change the user name default value from iusr_< machine name > to Administrator, deselect Password sync, and provide password for administrator account. Select OK on the remaining dialog box to make the change take effect.

The following is a graphic of the dialog box:

ASP code

Let's look at the code together. We will define some variables for our application. Create a dynamic server page called createdirectory.asp (Active Server Pages, ASP) file, where you insert the following code:
<%@ Language=vbscript%>
<% Option Explicit%>
<HTML>
<HEAD>
<meta name= "generator" content= "Microsoft Visual Studio 6.0" >
</HEAD>
<BODY>

<%
Dim strvirtualdirectoryname ' IIS virtual directory name
Dim bolinprocessapplication ' handles IIS in the application tag
Dim objIIS ' ADSI IIS Object
Dim Strvirtualdirectorypath ' IIS virtual directory path
Dim Objfilesystem ' VBScript file system object
Dim Strowner ' NT folder owner
Dim objvirtualdirectory ' ADSI IIS Virtual directory object
Dim bolscriptpermissions ' IIS script permission token
Dim strhttpreferer ' IIS reference page
Dim strservername ' NT Local machine name
Dim objwsh ' Windows Scripting Host Object
Dim OBJRTC ' Back
Dim Straclcommand ' Set ACLS command line string

We wanted to make sure that the user came from our form and didn't cheat our server. We will retrieve the Httpreferer server variable and the server name to test it. You can do a lot of checking here, and we don't have to be very strong in our tests. For excellent articles about secure sites, check out easy application state securely (http://www.15seconds.com/Issue/990114.htm), which is organized by the Dmitry Khanine. At the end of the code, insert the following code:
Strhttpreferer = Request.ServerVariables ("Http_referer")
strServerName = Request.ServerVariables ("SERVER_NAME")

' Did we come from our form? ' If not, access is denied

If strhttpreferer <> "http://" & strServerName & "/servin/default.asp" Then
Response.Write ("Access Denied")
Response.End
End If

Now that our web page has confirmed that our users are passing the results from our form, we can get the values of the virtual directory, owners (owner), and script permissions (scripts Permissions) tags. Notice how we change from the value obtained from Checkboxscript, set to True if it is selected, or False if it is not selected. After your last code, insert the following code:
Strvirtualdirectoryname = Request.Form ("Textvirtualdirectory")
Strowner = Request.Form ("Selectowner")

If Request.Form ("checkboxscript") = "on" Then
Bolscriptpermissions = "True"
Else
Bolscriptpermissions = "False"
End If

We need to verify that the IIS application exists. Using the IIS Admin object, we check whether the application already exists and pass the appropriate warning to the user.

' Does this IIS application already exist in the metabase?

On Error Resume Next
Set objIIS = GetObject ("iis://localhost/w3svc/1/root/" & Strvirtualdirectoryname)

If Err.Number = 0 Then
Response.Write ("A application with this name already exists." Click ")
Response.Write ("<a href=http://" & strServerName & "/servin/default.asp>")
Response.Write ("here</a> to choose A different name.")
Response.End
End If

Set objIIS = Nothing
Now we will use the IIS Admin object to create the IIS application in the meta database.

' Create an IIS application
Set objIIS = GetObject ("Iis://localhost/w3svc/1/root")
Strvirtualdirectorypath = Objiis.path & "\" & Strvirtualdirectoryname
Using the FileSystemObject object in VBScript, we will test whether the folder exists in this filesystem, and if not, we will use the CreateFolder command to create it.
Set Objfilesystem = Server.CreateObject ("Scripting.FileSystemObject")

"Test to" if the folder exists in the filesystem. If not, create it

On Error Resume Next
Set Folder = Objfilesystem.getfolder (Strvirtualdirectorypath)
If Hex (Err.Number) = "4C" Then
Objfilesystem.createfolder Strvirtualdirectorypath
End If

Set Objfilesystem = Nothing

Using the Administration object (which we used many times in this article), we open Script permissions (this option has been selected by the user) and define the virtual directory as an application in the process.
' Create a folder on the file system

Set objvirtualdirectory = objiis.create ("IIsWebVirtualDir", Strvirtualdirectoryname)
Objvirtualdirectory.accessscript = Bolscriptpermissions
Objvirtualdirectory.path = Strvirtualdirectorypath
Objvirtualdirectory.setinfo
Objvirtualdirectory.appcreate bolinprocessapplication

Now take a look at this trick: set permissions. We do think this is a very simple part. Unfortunately, there is no object in ADSI that can set permissions for the virtual directory. Panicked, and there was a feeling of discomfort. (or was it caused by a big Thai dinner last night?) ）

Search 15seconds.com's ADSI list server and find a reference to Dos CACLS. EXE file communication (http://listserv.15seconds.com/scripts/wa15seconds.exe?A2=ind9806C&L=ADSI&P=R1861) and use it via DOS cmd file. We think we can write a Visual Basic package for this feature and get it involved in a custom component (next month's article topic), but there must be a quicker way.

We continued our search in the Windows Scripting Host FAQ (http://wsh.glazier.co.nz/frame.htm) organized by Ian Morris, and found out from Windows Scripting Host? Several lines of code that invoke the DOS command.

We tried to use Windows Scripting Host to invoke CACLS.exe from an ASP file and our Web page could not be executed. The application failed. Why is that? We step through the DOS command prompt to debug this command to find the CACLS.EXE command waiting for us to use Y as Yes to confirm the operation. There must be a way to make yes the default value.

Check that the command line option does not find any hidden switches. On this point, open the browser and visit online support found CACLS.EXE should be used with care.

We trembled with excitement and found the article q135268:how to use CACLS. EXE in a Batch File (http://support.microsoft.com/support/kb/articles/q135/2/68.asp). Aha, good old dos redirect. Use the channel to transmit a Y to CACLS.exe to represent yes.

Here is the code we used to build the command string and invoke the Windows Scripting Host shell from the ASP file.

' Set change Permissions for the developer using CACLS.exe
Straclcommand = "cmd/c echo y| CACLS "
Straclcommand = Straclcommand & Strvirtualdirectorypath
Straclcommand = straclcommand & "/g" & Strowner & ": C"

Set objwsh = Server.CreateObject ("Wscript.Shell")
OBJRTC = Objwsh.run (Straclcommand, 0, True)

Set objwsh = Nothing

This may not be the best solution for scalability. A custom component can help you better in a large application. If you need one, the artisans software has a free component (http://www.softartisans.com/softartisans/safilemanager.html) that allows you to change permissions on the folder through his object model. (It also has some other cool features, such as a dotted input/output image, an operation. ini file, and more.) ）

Our final code confirms that everything we do is worthwhile.

Response.Write ("<b>web application Created sucessfully</b><br>")
Response.Write ("Path:" & Strvirtualdirectorypath & "<BR>")
Response.Write ("Script Permissions:" & bolscriptpermissions & "<BR>")
Response.Write (Strowner & "has been granted change permissions<br>")
%>
</BODY>
</HTML>

That's it. When looking for answers to questions, it's important to remember to use multiple resources. List servers, FAQs and Microsoft Knowledge Base contain this category of articles.

It's the news. Because of the enthusiastic response we receive in each ASP column, we will dedicate our columns to this technology. The predictable change is that we will introduce the famous Jeff Sandquist. So what's so sad about it? Tom Moran will leave Servin ' It up--but don't be surprised if you see him somewhere else in the future.

Jeff Sandquist (one of Microsoft's best French Canadians) is a member of the developer-supported active Server pages expansion group and is also a Visual InterDev MVP program (http://support.microsoft.com /support/supportnet/supportpartners/mvps/brochuregeneral.asp) is the main person in charge.