1 # Licensed to the .NET Foundation under one or more agreements.
2 # The .NET Foundation licenses this file to you under the MIT license.
3 # See the LICENSE file in the project root for more information.
4
5 #Requires -RunAsAdministrator
6
7 #
8 # Run this script on the IIS server machine.
9 # Tested on Windows 2016 TP5
10 #
11
12 Param (
13 [switch] $uninstall=$false
14 )
15
16 # Imports:
17 . .\setup_common.ps1
18 . .\setup_certificates.ps1
19 . .\setup_firewall.ps1
20
21 # Server application configuration
22 $script:iisWwwRoot = "$env:systemdrive\inetpub\wwwroot"
23 $script:defaultWebSite = "Default Web Site"
24
25 $script:webApps = @(
26 @{Name = "NoAuth";
27 IISRelativePath = "";
28 SourceRelativePath = ".\";
29
30 Configuration = @()
31 },
32
33 @{Name = "BasicAuth";
34 IISRelativePath = "BasicAuth";
35 SourceRelativePath = "\";
36 Configuration = @(
37 @{ Path = "/system.webServer/security/authentication/anonymousAuthentication"; Name = "Enabled"; Value = "False" }
38 @{ Path = "/system.webServer/security/authentication/basicAuthentication"; Name = "Enabled"; Value = "True" }
39 );
40 UserAccess = @( $script:basicUserName )
41 },
42
43 @{Name = "DigestAuth";
44 IISRelativePath = "DigestAuth";
45 SourceRelativePath = "\";
46 Configuration = @(
47 @{ Path = "/system.webServer/security/authentication/anonymousAuthentication"; Name = "Enabled"; Value = "False" }
48 @{ Path = "/system.webServer/security/authentication/digestAuthentication"; Name = "Enabled"; Value = "True" }
49 );
50 UserAccess = @( $script:basicUserName )
51 },
52
53 @{Name = "WindowsAuth";
54 IISRelativePath = "WindowsAuth";
55 SourceRelativePath = "\";
56 Configuration = @(
57 @{ Path = "/system.webServer/security/authentication/anonymousAuthentication"; Name = "Enabled"; Value = "False" }
58 @{ Path = "/system.webServer/security/authentication/windowsAuthentication"; Name = "Enabled"; Value = "True" }
59 );
60 UserAccess = @( "$($script:domainNetbios)\$($script:domainUserName)" )
61 }
62 )
63
64 $script:COREFX_ROLE_NAME = "COREFX_NET_IISSERVER"
65
InstallIIS()66 Function InstallIIS
67 {
68 Write-Host -ForegroundColor Cyan "Installing IIS components."
69 Install-WindowsFeature -Name Web-Server,Web-Basic-Auth,Web-Digest-Auth,Web-Windows-Auth,Web-Cert-Auth,Web-Asp-Net45,Web-WebSockets -IncludeManagementTools -ErrorAction Stop | Out-Null
70 }
71
RemoveIIS()72 Function RemoveIIS
73 {
74 Write-Host -ForegroundColor Cyan "Removing IIS components."
75 Uninstall-WindowsFeature -Name Web-Server -IncludeManagementTools
76 }
77
CreateLocalUser()78 Function CreateLocalUser
79 {
80 # A local user is required to allow Basic and Digest authentication. (WDigest not supported.)
81 Write-Host -ForegroundColor Cyan "Creating local user account."
82 Remove-LocalUser $script:basicUserName -Confirm:$false -ErrorAction SilentlyContinue
83 New-LocalUser $script:basicUserName -PasswordNeverExpires -Password (ConvertTo-SecureString $script:basicUserPassword -AsPlainText -force) | Out-Null
84 }
85
RemoveLocalUser()86 Function RemoveLocalUser
87 {
88 Write-Host -ForegroundColor Cyan "Removing local user account."
89 Remove-LocalUser $script:basicUserName -Confirm:$false
90 }
91
ConfigureWebSites()92 Function ConfigureWebSites
93 {
94 Write-Host -ForegroundColor Cyan "Configuring IIS websites."
95
96 # SSL Bindings
97 $sslCert = GetServerCertificate
98
99 Get-WebBinding -Port 443 -Name $script:defaultWebSite | Remove-WebBinding
100 New-WebBinding -Name $script:defaultWebSite -Protocol https -Port 443
101
102 Remove-Item -Path "IIS:\SslBindings\*"
103 New-Item -Path "IIS:\SslBindings\0.0.0.0!443" -Value $sslCert -Force | Out-Null
104 }
105
GrantUserAccess($path, $userAccess)106 Function GrantUserAccess($path, $userAccess)
107 {
108 foreach ($user in $userAccess)
109 {
110 $acl = Get-Acl $path
111 $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "ReadAndExecute", "Allow")
112 $acl.SetAccessRule($ar)
113 Set-Acl $path $acl
114 }
115 }
116
InstallServerCode()117 Function InstallServerCode
118 {
119 Write-Host -ForegroundColor Cyan "Installing applications."
120 $serverCodeRootPath = GetIISCodePath
121
122 foreach ($app in $script:webApps)
123 {
124 Write-Host -ForegroundColor DarkGray "`tInstalling webApp: $($app.Name)"
125
126 $appPath = Join-Path $script:iisWwwRoot $app.IISRelativePath
127
128 if ($(Get-WebApplication $app.Name) -ne $null)
129 {
130 Write-Host "`tRemoving $($app.Name)"
131 Remove-WebApplication -Site $script:defaultWebSite -Name $app.Name
132 Remove-Item ($appPath + "\*") -Recurse -Force -ErrorAction SilentlyContinue
133 }
134
135 Write-Host "`tAdding $($app.Name)"
136
137 $tempPath = Join-Path $serverCodeRootPath $app.SourceRelativePath
138 mkdir $appPath -ErrorAction SilentlyContinue | Out-Null
139 Copy-Item ($tempPath + "\*") $appPath -Recurse -ErrorAction Stop
140
141 New-WebApplication -Site $script:defaultWebSite -Name $app.Name -PhysicalPath $appPath | Out-Null
142
143 foreach ($config in $app.Configuration)
144 {
145 Set-WebConfigurationProperty -Filter $config.Path -Name $config.Name -Value $config.Value -PSPath IIS:\ -location "$($script:defaultWebSite)/$($app.Name)" -ErrorAction Stop
146 }
147
148 GrantUserAccess $appPath $app.UserAccess
149 }
150 }
151
RemoveServerCode()152 Function RemoveServerCode
153 {
154 Write-Host -ForegroundColor Cyan "Removing server code."
155 foreach ($app in $script:webApps)
156 {
157 Write-Host -ForegroundColor DarkGray "`tRemoving webApp files: $($app.Name)"
158 $appPath = Join-Path $script:iisWwwRoot $app.IISRelativePath
159 rmdir -Recurse -Force $appPath -ErrorAction SilentlyContinue
160 }
161 }
162
Install()163 Function Install
164 {
165 Write-Host -ForegroundColor Cyan "Installing prerequisites for test role: $($script:COREFX_ROLE_NAME)"
166 CheckMachineInfo
167
168 InstallIIS
169 InstallServerCertificates
170 CreateLocalUser
171 ConfigureWebSites
172 InstallServerCode
173 InstallServerFirewall
174
175 EnvironmentSetInstalledRoleStatus
176 }
177
Uninstall()178 Function Uninstall
179 {
180 Write-Host -ForegroundColor Cyan "Removing prerequisites for test role: $($script:COREFX_ROLE_NAME)"
181
182 EnvironmentCheckUninstallRoleStatus
183
184 RemoveServerFirewall
185 RemoveIIS
186 RemoveServerCertificates
187 RemoveLocalUser
188 RemoveServerCode
189
190 EnvironmentRemoveRoleStatus
191 }
192
193 if ($uninstall)
194 {
195 Uninstall
196 }
197 else
198 {
199 Install
200 }
201