WebAdministrationDsc icon indicating copy to clipboard operation
WebAdministrationDsc copied to clipboard

Published 20 hours ago verified publisher icon dsccommunity

xWebApplication enhancement - specific user credentials for physical path

Open DaveFranks opened this issue 6 years ago • 11 comments

When adding an application there is no way to supply a specific user to the physical path. The default of "Application User (pass-through authentication)" will not work if alternate credentials are required to the location. This is especially true when using UNC paths to other devices.

This is a request to enhance the module to accept a specific user credential for the physical path that the application is using.

DaveFranks avatar Apr 19 '18 19:04 DaveFranks

Labeled this as help wanted so that someone in the community can run with it.

johlju avatar Apr 27 '18 14:04 johlju

I think this a great idea. I've got a unique requirement with Azure Files in which I need a DSC configuration to utilize it as a UNC path; however, it requires a different credential to access it. Passing those credentials in along with the physical path would be awesome.

mwhisler avatar Jun 14 '18 00:06 mwhisler

I am glad I found right discussion I am trying to create a webApplication on IIS pointing to Azure File share using PowerShell DSC xWebApplication as below xWebApplication AppName { DependsOn = "[xWebSite]xWebSiteName" Name = "appname" PhysicalPath = "\azurefileshare\etc" WebAppPool = $AppPoolName Website = $WebSiteName } I am getting "Parameter 'PhysicalPath' should point to existing path." error where the mentioned path can be accessed manually and able to set to IIS application manually. All the user accounts involved in the process have full control access on file share Also observed in Process Monitor that PowerShell DSC kicks off "C:\windows\system32\wbem\wmiprvse.exe" running as NT AUTHORITY\SYSTEM and not sure how to change user when running th PowerShell DSC.

image Can someone help in this regard please.

cm5778 avatar May 17 '21 18:05 cm5778

Should not the path start with two \\?

It is possible to provide a credential with the built-in parameter PSDscRunAsCredential, does it work in this scenario?

johlju avatar May 17 '21 19:05 johlju

Thanks @johlju for your response Sorry I missed \ above, the path I am using as \\ only. Can you please specify where exactly to add PSDscRunAsCredential in the script

cm5778 avatar May 17 '21 19:05 cm5778

The same as the other parameters, like this:

xWebApplication AppName
{
    DependsOn = "[xWebSite]xWebSiteName"
    Name = "appname"
    PhysicalPath = "\azurefileshare\etc"
    WebAppPool = $AppPoolName
    Website = $WebSiteName
    PSDscRunAsCredential = (Get-Credential)
}

of course you change to pass the PSCredential variable that holds the credential you need.

johlju avatar May 17 '21 19:05 johlju

But the issue might be that you need one credential to run the resource and another credential to connect to the share? 🤔

johlju avatar May 17 '21 19:05 johlju

after specifying PSDscRunAsCredential getting a prompt for credentials and following with below error after manually providing credentials image

cm5778 avatar May 17 '21 19:05 cm5778

You should have certificates to protect the credentials in the compiled MOF. If this is a lab you can opt-in for plain text passwords.

johlju avatar May 17 '21 19:05 johlju

See more information here: https://docs.microsoft.com/en-us/powershell/scripting/dsc/configurations/configdatacredentials

johlju avatar May 17 '21 19:05 johlju

Thanks @johlju I will try those suggestions and will reach back.

cm5778 avatar May 17 '21 21:05 cm5778