1 # Licensed to the .NET Foundation under one or more agreements.
2 # The .NET Foundation licenses this file to you under the MIT license.
3 # See the LICENSE file in the project root for more information.
4 
5 #Requires -RunAsAdministrator
6 
7 #
8 #   Run this script on the IIS server machine.
9 #   Tested on Windows 2016 TP5
10 #
11 
# -uninstall : tear the test role down instead of installing it.
# A [switch] parameter is off unless it is passed on the command line.
Param (
    [switch] $uninstall
)
15 
16 # Imports:
17 . .\setup_common.ps1
18 . .\setup_certificates.ps1
19 . .\setup_firewall.ps1
20 
# Server application configuration
#
# $script:basicUserName, $script:domainNetbios and $script:domainUserName are not defined in this
# file (presumably they come from the dot-sourced setup scripts). They are read here, while the
# table below is being built, so they must already be set at this point.
$script:iisWwwRoot = "$env:systemdrive\inetpub\wwwroot"
$script:defaultWebSite = 'Default Web Site'

# One entry per IIS application created under $script:defaultWebSite:
#   Name               - application name
#   IISRelativePath    - folder below $script:iisWwwRoot that holds the content
#                        (empty for NoAuth, i.e. the wwwroot folder itself)
#   SourceRelativePath - folder below the server code root that the content is copied from
#   Configuration      - IIS configuration properties applied to the application
#   UserAccess         - accounts granted ReadAndExecute on the application folder
$script:webApps = @(
    @{
        Name               = 'NoAuth'
        IISRelativePath    = ''
        SourceRelativePath = '.\'
        Configuration      = @()
    },

    @{
        Name               = 'BasicAuth'
        IISRelativePath    = 'BasicAuth'
        SourceRelativePath = '\'
        # Anonymous access off, Basic on.
        Configuration      = @(
            @{ Path = '/system.webServer/security/authentication/anonymousAuthentication'; Name = 'Enabled'; Value = 'False' }
            @{ Path = '/system.webServer/security/authentication/basicAuthentication'; Name = 'Enabled'; Value = 'True' }
        )
        UserAccess         = @( $script:basicUserName )
    },

    @{
        Name               = 'DigestAuth'
        IISRelativePath    = 'DigestAuth'
        SourceRelativePath = '\'
        # Anonymous access off, Digest on.
        Configuration      = @(
            @{ Path = '/system.webServer/security/authentication/anonymousAuthentication'; Name = 'Enabled'; Value = 'False' }
            @{ Path = '/system.webServer/security/authentication/digestAuthentication'; Name = 'Enabled'; Value = 'True' }
        )
        UserAccess         = @( $script:basicUserName )
    },

    @{
        Name               = 'WindowsAuth'
        IISRelativePath    = 'WindowsAuth'
        SourceRelativePath = '\'
        # Anonymous access off, Windows (integrated) authentication on.
        Configuration      = @(
            @{ Path = '/system.webServer/security/authentication/anonymousAuthentication'; Name = 'Enabled'; Value = 'False' }
            @{ Path = '/system.webServer/security/authentication/windowsAuthentication'; Name = 'Enabled'; Value = 'True' }
        )
        UserAccess         = @( "$($script:domainNetbios)\$($script:domainUserName)" )
    }
)

# Name under which this test role is reported by the install/uninstall messages.
$script:COREFX_ROLE_NAME = 'COREFX_NET_IISSERVER'
65 
Function InstallIIS
{
    # Installs the Web-Server role with the Basic, Digest, Windows and client-certificate
    # authentication modules, ASP.NET 4.5 and WebSockets, plus the management tools.
    # -ErrorAction Stop aborts the whole install if the features cannot be added.
    Write-Host -ForegroundColor Cyan "Installing IIS components."

    $features = @(
        "Web-Server",
        "Web-Basic-Auth",
        "Web-Digest-Auth",
        "Web-Windows-Auth",
        "Web-Cert-Auth",
        "Web-Asp-Net45",
        "Web-WebSockets"
    )

    Install-WindowsFeature -Name $features -IncludeManagementTools -ErrorAction Stop | Out-Null
}
71 
Function RemoveIIS
{
    # Removes the Web-Server role together with its management tools.
    # The cmdlet's result object is left on the pipeline, so it is shown to the caller.
    Write-Host -ForegroundColor Cyan "Removing IIS components."

    $removal = @{
        Name                   = "Web-Server"
        IncludeManagementTools = $true
    }
    Uninstall-WindowsFeature @removal
}
77 
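Function CreateLocalUser
{
    # Creates the local account named by $script:basicUserName, replacing any account of that
    # name left over from an earlier run.
    # A local user is required to allow Basic and Digest authentication. (WDigest not supported.)
    #
    # NOTE(review): the password arrives as plain text in $script:basicUserPassword (not defined
    # in this file) and the account is created with -PasswordNeverExpires, so it is a long-lived
    # credential with a value known to anyone who can read the setup scripts. RemoveLocalUser
    # deletes it again on uninstall.
    Write-Host -ForegroundColor Cyan "Creating local user account."

    # Fail early with a clear message instead of letting New-LocalUser fail on an empty name
    # or ConvertTo-SecureString fail on an empty password.
    if ([string]::IsNullOrEmpty($script:basicUserName) -or [string]::IsNullOrEmpty($script:basicUserPassword))
    {
        throw "basicUserName and basicUserPassword must be set before the local test account can be created."
    }

    # It is fine if no previous account exists, hence SilentlyContinue.
    Remove-LocalUser $script:basicUserName -Confirm:$false -ErrorAction SilentlyContinue

    $securePassword = ConvertTo-SecureString $script:basicUserPassword -AsPlainText -Force

    # Stop on failure: the BasicAuth and DigestAuth applications list this account in UserAccess,
    # so continuing without it would only fail later when the folder ACLs are set.
    New-LocalUser $script:basicUserName -PasswordNeverExpires -Password $securePassword -ErrorAction Stop | Out-Null
}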
85 
Function RemoveLocalUser
{
    # Deletes the local account named by $script:basicUserName without prompting for confirmation.
    Write-Host -ForegroundColor Cyan "Removing local user account."

    $accountName = $script:basicUserName
    Remove-LocalUser -Name $accountName -Confirm:$false
}
91 
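Function ConfigureWebSites
{
    # Gives the default web site an HTTPS binding on port 443 and attaches the server
    # certificate returned by GetServerCertificate (defined outside this file) to it.
    Write-Host -ForegroundColor Cyan "Configuring IIS websites."

    # SSL Bindings
    $sslCert = GetServerCertificate

    # Check before touching any binding: without a certificate the steps below would remove the
    # existing bindings and leave port 443 with nothing usable attached.
    if ($null -eq $sslCert)
    {
        throw "No server certificate was returned by GetServerCertificate; cannot configure the HTTPS binding."
    }

    # Replace any existing port 443 binding on the default site with a fresh https one.
    Get-WebBinding -Port 443 -Name $script:defaultWebSite | Remove-WebBinding
    New-WebBinding -Name $script:defaultWebSite -Protocol https -Port 443

    # NOTE(review): the wildcard clears every entry under IIS:\SslBindings, not only the one for
    # port 443, so certificate bindings of other sites on this machine are removed as well.
    Remove-Item -Path "IIS:\SslBindings\*"

    # 0.0.0.0!443 binds the certificate on all IPv4 addresses, port 443.
    New-Item -Path "IIS:\SslBindings\0.0.0.0!443" -Value $sslCert -Force | Out-Null
}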
105 
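Function GrantUserAccess($path, $userAccess)
{
    # Grants each account in $userAccess an Allow/ReadAndExecute rule on $path.
    #   $path       - file system path whose ACL is updated
    #   $userAccess - account names; $null or an empty list means nothing to do
    #
    # NOTE(review): the three-argument FileSystemAccessRule constructor sets no inheritance
    # flags, so the rule applies to $path itself; content below it relies on the permissions
    # it inherits from elsewhere.

    # Entries without a UserAccess key pass $null here; leave the ACL untouched in that case.
    if ($null -eq $userAccess -or @($userAccess).Count -eq 0)
    {
        return
    }

    # Read the ACL once, add every rule, write it back once.
    $acl = Get-Acl $path

    foreach ($user in $userAccess)
    {
        $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "ReadAndExecute", "Allow")

        # SetAccessRule replaces any existing Allow rules for this account rather than adding to them.
        $acl.SetAccessRule($ar)
    }

    Set-Acl $path $acl
}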
116 
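Function InstallServerCode
{
    # Deploys every entry of $script:webApps: copies its content under $script:iisWwwRoot,
    # registers it as an application of the default web site, applies its IIS configuration
    # properties and grants its UserAccess accounts read access to the folder.
    # GetIISCodePath is defined outside this file and supplies the source root.
    Write-Host -ForegroundColor Cyan "Installing applications."
    $serverCodeRootPath = GetIISCodePath

    foreach ($app in $script:webApps)
    {
        Write-Host -ForegroundColor DarkGray "`tInstalling webApp: $($app.Name)"

        $appPath = Join-Path $script:iisWwwRoot $app.IISRelativePath

        # $null goes on the left so this stays a scalar comparison even when the cmdlet
        # returns more than one object (with $null on the right, -ne filters the collection).
        if ($null -ne (Get-WebApplication $app.Name))
        {
            Write-Host "`tRemoving $($app.Name)"
            Remove-WebApplication -Site $script:defaultWebSite -Name $app.Name

            # NOTE(review): NoAuth has an empty IISRelativePath, so for it $appPath is the
            # wwwroot folder and this clears everything below wwwroot.
            Remove-Item ($appPath + "\*") -Recurse -Force -ErrorAction SilentlyContinue
        }

        Write-Host "`tAdding $($app.Name)"

        $tempPath = Join-Path $serverCodeRootPath $app.SourceRelativePath
        # The folder may already exist; that is not an error.
        mkdir $appPath -ErrorAction SilentlyContinue | Out-Null
        Copy-Item ($tempPath + "\*") $appPath -Recurse -ErrorAction Stop

        New-WebApplication -Site $script:defaultWebSite -Name $app.Name -PhysicalPath $appPath | Out-Null

        # Apply the per-application authentication settings; a failure here stops the install
        # rather than leaving the application with whatever settings it inherits.
        foreach ($config in $app.Configuration)
        {
            Set-WebConfigurationProperty -Filter $config.Path -Name $config.Name -Value $config.Value -PSPath IIS:\ -location "$($script:defaultWebSite)/$($app.Name)" -ErrorAction Stop
        }

        GrantUserAccess $appPath $app.UserAccess
    }
}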
151 
Function RemoveServerCode
{
    # Deletes the content folder of every entry in $script:webApps.
    # NOTE(review): NoAuth has an empty IISRelativePath, so its folder is the wwwroot itself.
    Write-Host -ForegroundColor Cyan "Removing server code."

    foreach ($webApp in $script:webApps)
    {
        Write-Host -ForegroundColor DarkGray "`tRemoving webApp files: $($webApp.Name)"

        $contentFolder = Join-Path $script:iisWwwRoot $webApp.IISRelativePath

        # A folder that is already gone is not an error.
        Remove-Item -Path $contentFolder -Recurse -Force -ErrorAction SilentlyContinue
    }
}
162 
Function Install
{
    # Installs the test role. The steps run in the listed order; apart from the functions in
    # this file they are defined in the dot-sourced setup scripts.
    Write-Host -ForegroundColor Cyan "Installing prerequisites for test role: $($script:COREFX_ROLE_NAME)"
    CheckMachineInfo

    $installSteps = @(
        'InstallIIS',
        'InstallServerCertificates',
        'CreateLocalUser',
        'ConfigureWebSites',
        'InstallServerCode',
        'InstallServerFirewall'
    )

    foreach ($step in $installSteps)
    {
        & $step
    }

    # Recorded last, after every step above has run.
    EnvironmentSetInstalledRoleStatus
}
177 
Function Uninstall
{
    # Removes the test role. The steps run in the listed order; apart from the functions in
    # this file they are defined in the dot-sourced setup scripts.
    Write-Host -ForegroundColor Cyan "Removing prerequisites for test role: $($script:COREFX_ROLE_NAME)"

    EnvironmentCheckUninstallRoleStatus

    $removalSteps = @(
        'RemoveServerFirewall',
        'RemoveIIS',
        'RemoveServerCertificates',
        'RemoveLocalUser',
        'RemoveServerCode'
    )

    foreach ($step in $removalSteps)
    {
        & $step
    }

    EnvironmentRemoveRoleStatus
}
192 
# Entry point: install the role unless -uninstall was passed.
if (-not $uninstall)
{
    Install
}
else
{
    Uninstall
}
201