2

I want to read some settings of the application pool using the ServerManager object from the Microsoft.Web.Administration.dll. The problem is that it works only if the identity of the application pool is a Windows user with administrator privileges. Otherwise I am getting an UnauthorizedAccessException - Filename: redirection.config; Error: Cannot read configuration file due to insufficient permissions. Is there any workaround for this issue? My code is the following:

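        // Needs Microsoft.Web.Administration.dll and System.Web.dll
        // (namespaces Microsoft.Web.Administration and System.Web).
        // Throws UnauthorizedAccessException (redirection.config) when the
        // application pool identity is not an administrator.
        ServerManager manager = new ServerManager();
        string currentSiteName = System.Web.Hosting.HostingEnvironment.SiteName;
        Site currentSite = manager.Sites[currentSiteName];
        string appVirtualPath = HttpRuntime.AppDomainAppVirtualPath;

        // Find the application whose path matches this app's virtual path.
        string appPoolName = string.Empty;
        foreach (Application app in currentSite.Applications)
        {
            string appPath = app.Path;
            if (appPath == appVirtualPath)
            {
                appPoolName = app.ApplicationPoolName;
                break;
            }
        }

        ApplicationPool currentAppPool = manager.ApplicationPools[appPoolName];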

Thanks!

1 Answer

3

No, there is no workaround to read the configuration file without causing a big security concern. What are you trying to accomplish?

If reading configuration settings, you can use an API in the same DLL that will give you read-only configuration access for that site's settings, such as reading web.config or values in applicationHost.config for that site only, and not encrypted ones (such as passwords). The API is called WebConfigurationManager and has a static method called GetSection, such as WebConfigurationManager.GetSection("system.webServer/defaultDocument").

See: https://msdn.microsoft.com/en-us/library/microsoft.web.administration.webconfigurationmanager.getsection.aspx

However, several settings (namely all the ones used to start the process w3wp.exe) are not possible to be read through that API. Short story: Unfortunately, for security reasons many of those settings are not possible to be read from a worker process. There are some things you can read using server variables such as Request.ServerVariables["APP_POOL_ID"] or Request.ServerVariables["APP_POOL_CONFIG"]. Of course, for bitness you could calculate the size of a pointer (4 or 8), or use environment variables (like PROCESSOR_ARCHITECTURE).

Longer story: In IIS for security reasons we take the applicationHost.config file and we split it into smaller application pool.config files (by default located at C:\inetpub\temp\appPools) which are isolated for security reasons so that even if untrusted code were to run in the process (w3wp.exe) to try to steal/read the settings of other sites it would be physically impossible. You can open the file and see which settings are there and you can read those. You'll notice the appPools section is missing entirely since that is only used by WAS to start w3wp.exe.


4 Comments

I am trying to get (read-only) some application pool settings like: Enable32BitAppOnWin64, ProcessModel.IdleTimeout, etc. They are properties of the ApplicationPool object which also comes from Microsoft.Web.Administration.dll (see my code in the initial question). WebConfigurationManager.GetSection works for getting the elements of system.webServer section in web.config without the need of admin user (thank you for that suggestion - I needed those settings also), but not for getting the app pool settings.
Added some edits to add the AppPool section. Unfortunately you won't be able to read IdleTimeout, for example, since that is not even used in the process (w3wp.exe) but instead only by WAS to shut down w3wp.exe when needed.
Thank you for your explanation. It perfectly answers my question.
Great answer, helped me on a different situation, thanks.
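
The least-privilege approach from the answer, as an added example that is not code from the question or the answer: it gathers what a worker process may read without giving the pool identity administrator rights. The class name `WorkerProcessInfo` and the `Runs32BitOnWin64` inference are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using Microsoft.Web.Administration;

// Hypothetical helper (added example, not from the original thread).
public static class WorkerProcessInfo
{
    // Collects only data visible from inside w3wp.exe; never opens
    // ServerManager, so redirection.config is not touched.
    public static IDictionary<string, string> Collect(HttpRequest request)
    {
        var info = new Dictionary<string, string>();

        // Server variables named in the answer.
        info["AppPoolName"] = request.ServerVariables["APP_POOL_ID"];
        info["AppPoolConfigFile"] = request.ServerVariables["APP_POOL_CONFIG"];

        // Bitness from the pointer size (4 or 8 bytes) and the environment.
        bool is32BitProcess = IntPtr.Size == 4;
        info["ProcessBitness"] = is32BitProcess ? "32" : "64";
        info["ProcessorArchitecture"] =
            Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");

        // Assumption of this example: a 32-bit worker on a 64-bit OS implies
        // the pool was started with Enable32BitAppOnWin64 turned on.
        info["Runs32BitOnWin64"] =
            (is32BitProcess && Environment.Is64BitOperatingSystem).ToString();

        // Read-only, site-scoped section access via WebConfigurationManager.
        ConfigurationSection defaultDoc =
            WebConfigurationManager.GetSection("system.webServer/defaultDocument");
        var files = new List<string>();
        foreach (ConfigurationElement file in defaultDoc.GetCollection("files"))
        {
            files.Add((string)file["value"]);
        }
        info["DefaultDocumentEnabled"] = defaultDoc["enabled"].ToString();
        info["DefaultDocuments"] = string.Join(", ", files);

        return info;
    }
}
```

Settings used only by WAS, such as IdleTimeout, stay out of reach of this helper, as the answer explains.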
