ipollock
Posts: 137
Joined: Wed Aug 31, 2016 10:46 am

Updating IIS Configuration with Powershell custom action

Thu Dec 09, 2021 10:39 pm

I would like to change some application configurations, mainly the authentication types - instead of using Anonymous, use Windows Authentication.
Looks like this works ok with the root Default Website as shown in my working example below.

However I have tried the same with applications on the Default Website and only been able to update one. There are 30 apps that require the authentication method change. I've created a script that works fine in Powershell (tested on windows 10 and windows server 2019) but when it's imported into the Advanced Installer inline Powershell script field, then built and run it continues to fail and roll-back. Strangely when i run it as a 'run powershell script file (attached file .PS1)' custom action instead, it does complete. I'm wondering if there is a particular method or layout, vocabulary or form within the custom action that i'm missing. Again, it works perfectly from Powershell ISE and results are good there.

This works perfectly well but the bigger changes in the other script do not. Note, the param is imported correctly and "WAUTH_ON" is one of the reponses to a radio button choice during install.

#Import variables from installer to PowerShell
Param ($SetWinAuth)

# Set Opt-in Web Apps to Windows Authentication
If
($SetWinAuth -eq "WAUTH_ON")
{Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/AnonymousAuthentication" -name enabled -value false -Location "Default Web Site" -PSPath IIS:\
Set-WebConfigurationProperty -filter /system.web/identity -name impersonate -value false -PSPath 'IIS:\Sites\Default Web Site'
Set-WebConfigurationProperty -filter /system.web/authentication -name mode -value Windows -PSPath 'IIS:\Sites\Default Web Site'
Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/windowsAuthentication" -name enabled -value true -location "Default Web Site" -PSPath IIS:\}

# Set Opt-in Web Apps to Anonymous Authentication
ElseIf
($SetWinAuth -eq "WAUTH_OFF")
{Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/AnonymousAuthentication" -name enabled -value true -Location "Default Web Site" -PSPath IIS:\
Set-WebConfigurationProperty -filter /system.web/identity -name impersonate -value false -PSPath 'IIS:\Sites\Default Web Site'
Set-WebConfigurationProperty -filter /system.web/authentication -name mode -value Windows -PSPath 'IIS:\Sites\Default Web Site'
Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/windowsAuthentication" -name enabled -value false -location "Default Web Site" -PSPath IIS:\}

The method i'm using in the 'run powershell inline script' is as follows:

1. Use the custom action tool
2. Set it to 64-bit
3. No import variable required this time.
4. Set up variables
5. I unlock the config file with: cmd.exe /c %windir%/system32/inetsrv/appcmd unlock config /section:anonymousAuthentication (for example)
6. I then use the following code and repeat it for each application within the same script.

# Set Authentication Method for EFT
$PSPathFull = Join-Path -Path $PSApertaRoot -ChildPath $PSPathAEFT
Set-WebConfigurationProperty -pspath $PSPathFull -filter $filterAnon -name $propertyName -value $propertyFValue
Set-WebConfigurationProperty -filter $filterImpers -name $propertyImpers -value $propertyFValue -PSPath $PSPathFull
Set-WebConfigurationProperty -pspath $PSPathFull -filter $filterWin -name $propertyName -value $propertyTValue

Notes:
$PSPathFull is the full path to the property i want to change (eg: $PSApertaRoot = 'IIS:\Sites\Default Web Site\' joined with $PSPathAEFT )
$PSPathAEFT is the application identity (eg: $PSPathAEFT = 'ApertaActiveEFT')
$filterAnon is the filter path (eg: $filterAnon = "/system.webServer/security/authentication/anonymousAuthentication")
$propertyName is the name of the property i want to change (eg: $propertyName = "enabled")
$propertyFValue is the property value i want to change it to (eg: $propertyTValue = "true" or $propertyFValue = "false")


Thanks for your help and if you need any further info, please ask.

Catalin
Posts: 6537
Joined: Wed Jun 13, 2018 7:49 am

Re: Updating IIS Configuration with Powershell custom action

Mon Dec 13, 2021 4:43 pm

Hello,

Unfortunately, I can not say for sure why this happens.

In order for me to have a better look at this, could you please forward me the following resources:

- a copy of the .AIP file

- a download link for the executable

- a step-by-step test case which I can use in order to reproduce this (e.g. how to test the script in both Advanced Installer and outside of it)

by e-mail at support at advancedinstaller dot com?

If it works as a PowerShell script file and outside of Advanced Installer, I would assume it is some error with the syntax.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

ipollock
Posts: 137
Joined: Wed Aug 31, 2016 10:46 am

Re: Updating IIS Configuration with Powershell custom action

Tue Dec 14, 2021 2:37 pm

I will try a simpler option by creating a model and see how that responds. Will be in touch again afterwards if i still need help.

Best regards,
Ian

Catalin
Posts: 6537
Joined: Wed Jun 13, 2018 7:49 am

Re: Updating IIS Configuration with Powershell custom action

Tue Dec 14, 2021 3:01 pm

Sure thing, Ian!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Building Installers”