IISPassword Web User Admin

This section relates to the web services that can be used to configure IISPassword user accounts.

Requirements

The web services require at least ASP.NET version 2.0

Installation

The web service is not installed by default, as it must be installed into IIS as a virtual directory (application).

  1. Open up IIS Management Console
  2. Expand out "Web Sites" and right click on the site you want to install the web services into.
  3. Select New -> Virtual Directory
  4. Click Next
  5. Enter the alias (name) for the folder (for instance IISPasswordService)
  6. Click Next, then "Browse"
  7. Navigate to the installation path (default C:\Program Files\IISPassword) and select the web service folder, then click "Ok"
  8. Click Next, then make sure "Read" and "Run Scripts" are enabled.
  9. Click Next, then Finish.
  10. Right click the new virtual directory, and select "properties".
  11. If there is an ASP.NET tab verify that version 2 or greater is selected from the dropdown. If you only have version 2 installed, you won't have to do this step.
  12. Select the "Web Service Extensions" folder, and make sure that ASP.NET shows as "Allowed".  To allow it, right click, and select "Allow".

Configuration

By default the services will not be enabled.  You need to setup the remote admin username and password in order to enable them.

  1. Open up IIS Management Console
  2. Right click "Web Sites" and select "Properties"
  3. Select the IISPassword tab
  4. In the "Admin Access" section, check the "Allow Admin Web Services" box, and enter a username and password. Note that zero length usernames and passwords are not allowed.
  5. Click Apply, then OK.

Security

When using these web services remotely you should use an https connection to secure your admin username and password. This is not necessary if the web services are only used locally. The other security method is an IP access list, which can be set on the Directory Security tab of the virtual directory's property window.

Usage

You can use the web services by navigating to http(s)://[server-ip]/[alias]/IISPasswordWeb.asmx for instance http://localhost/IISPasswordService/IISPasswordWeb.asmx

After connecting to this, you will see the different actions available. Each require you to enter the server admin username and password.

You can use these web services to update or view a given .htpasswd file. You need to know this in advance before trying to update. It will create a password file on the add user actions, if no file already exists.

You can use these web services from other applications to automate the adding and removal of users for a specific section of your site.

The operations available are AddUser, DeleteUser, ListUsers and UpdateUser.