KennethScott / SpecOps

SpecOps is a web-based, centralized PowerShell script repository where non-technical users can run scripts via a user-friendly GUI.

Basic IIS config documentation #1

Closed george-andrei closed 1 year ago

george-andrei commented 3 years ago

Hello,

Thank you for this awesome project! I was wondering if it's possible to provide some starting point regarding IIS config and how to initialize the application. Once I have the application running, I could help write more in-depth documentation if needed. Also, is there a plan to provide already compiled releases?

George.

KennethScott commented 3 years ago

Yes! I am actually planning to publish a compiled release tonight for those that don't want to bother with Visual Studio. I would love to get some more detailed instructions on getting it running in IIS at that point. Right now you basically download/clone the repo and open with Visual Studio to build, and you can then run with kestrel if you just want to try it locally. If you want to run in IIS, the easiest is to do a file deployment from Visual Studio and create an app in IIS like you would any .NET5/Core app.

The only real prereq is the normal Hosting download

It sounds like a lot more than it is. 🙂 I'd love to get some more detailed instructions going. I can try to walk you through it once I get the compiled release version published if you want.

Thanks!

george-andrei commented 3 years ago

Alright, great! I have already started some tests, but in docker :) Unfortunately I can't install .NET5 directly on my machine right now as I have some other apps in .NET4, but I will try this week in a VM. Regarding AD, is there any specific requirement?

KennethScott commented 3 years ago

Not that I'm aware of. You can actually put individual users in the SecurityPolicies.Groups configuration (in appsettings.json) as well as actual AD groups. I didn't realize that at first so the name "Groups" there is a bit of a naming fail on my part.
For example, any of the following work:

It just does a RequireRole() in startup.cs for each of them in that policy.

KennethScott commented 3 years ago

Hey George, just a quick note that I've just published a release zip with the precompiled app. If you're familiar with setting up .NET apps in IIS, I don't think there's anything unusual involved. I'm going to run back through the steps, but I believe in a nutshell it's:

1) Install the .NET Core Hosting Bundle Installer on the server running IIS. This should be the only dependency.
2) Create an AppPool with "No Managed Code" for the CLR version, and "Integrated" for the Pipeline. Use a domain service account or identity with the appropriate access to run your scripts.
3) Unzip the release into a folder, and add an "Application" in your IIS site pointed at that folder. Set it to use your new AppPool you created. Change the Authentication so that only Windows Auth is enabled. You can Require SSL if you want.

And I think that's about it?

Just remember to give yourself access in the appsettings.json file or you'll get a 403 error. You should be able to see the demo script options when it comes up. Then you'd just swap out your own scripts and make the necessary changes to the scriptsettings.json file to configure your scripts.

I'll try to run back through this maybe tomorrow and make some proper notes. Let me know how it goes!
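
The IIS steps listed in the comment above, scripted with the WebAdministration module as an added example; it is not part of the original thread or the SpecOps project. The site name, pool name, folder and zip path are assumptions to adjust for your server.

```powershell
# Added example, not project code. Run elevated on the IIS server after the
# .NET Hosting Bundle (step 1) is installed. All names and paths are assumptions.
Import-Module WebAdministration

$site     = 'Default Web Site'             # assumed existing IIS site
$appName  = 'SpecOps'                      # app will be served at /SpecOps
$poolName = 'SpecOpsPool'                  # hypothetical AppPool name
$appPath  = 'C:\inetpub\SpecOps'           # assumed deployment folder
$zipPath  = 'C:\Temp\SpecOps-release.zip'  # placeholder for the downloaded release zip
$cred     = Get-Credential -Message 'Service account that will run the scripts'

# Step 2: AppPool with "No Managed Code", Integrated pipeline, dedicated identity.
# Give this account only the access your scripts need; every script runs as it.
New-WebAppPool -Name $poolName | Out-Null
Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedRuntimeVersion -Value ''
Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedPipelineMode -Value 'Integrated'
Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel -Value @{
    identityType = 3    # 3 = SpecificUser
    userName     = $cred.UserName
    password     = $cred.GetNetworkCredential().Password
}

# Step 3: unzip the release and publish it as an application under the site.
Expand-Archive -Path $zipPath -DestinationPath $appPath
New-WebApplication -Site $site -Name $appName -PhysicalPath $appPath `
    -ApplicationPool $poolName | Out-Null

# Only Windows Authentication enabled (the IIS Windows Authentication feature
# must already be installed on the server).
$root = 'MACHINE/WEBROOT/APPHOST'
$loc  = "$site/$appName"
$auth = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true

# Optional: require SSL (the site needs an HTTPS binding first).
Set-WebConfigurationProperty -PSPath $root -Location $loc `
    -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'

# Read the settings back so a misconfiguration is caught before users hit the app.
[pscustomobject]@{
    Runtime   = (Get-ItemProperty "IIS:\AppPools\$poolName").managedRuntimeVersion
    Pipeline  = (Get-ItemProperty "IIS:\AppPools\$poolName").managedPipelineMode
    Anonymous = (Get-WebConfigurationProperty -PSPath $root -Location $loc -Filter "$auth/anonymousAuthentication" -Name enabled).Value
    Windows   = (Get-WebConfigurationProperty -PSPath $root -Location $loc -Filter "$auth/windowsAuthentication" -Name enabled).Value
}
```

The final object should show an empty `Runtime`, `Integrated` for `Pipeline`, `False` for `Anonymous` and `True` for `Windows`.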

george-andrei commented 3 years ago

Hi Kenneth, it's clear. I'll follow these steps today and get back to you. Thanks a lot!

sebz71 commented 2 years ago

Hi Kenneth,

I cannot launch the page with the "Runner scripts" item.

I can only open the "AdminLTE3" site

Can you help me?

KennethScott commented 2 years ago

@sebz71, what kind of error are you getting when you try to access the scripts page? Can you also give me some details about your environment?

sebz71 commented 2 years ago

I don't see how to access the scripts page. (http://localhost)

image

I rather think it's here? http://localhost:5000 But it doesn't work.

I ran the specOps exe, this is what I get in the log


2021-11-26 17:55:05.001 +01:00 [INF] User profile is available. Using 'C:\Users\sebz71\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
2021-11-26 17:55:05.560 +01:00 [INF] Now listening on: http://localhost:5000
2021-11-26 17:55:05.562 +01:00 [INF] Application started. Press Ctrl+C to shut down.
2021-11-26 17:55:05.562 +01:00 [INF] Hosting environment: Production
2021-11-26 17:55:05.562 +01:00 [INF] Content root path: C:\inetpub\wwwroot\SpecOps
2021-11-26 17:55:13.963 +01:00 [INF] Request starting HTTP/1.1 GET http://localhost:5000/ - -
2021-11-26 17:55:13.969 +01:00 [WRN] Failed to determine the https port for redirect.
2021-11-26 17:55:14.088 +01:00 [INF] Authorization failed. These requirements were not met: RolesAuthorizationRequirement:User.IsInRole must be true for one of the following roles: (SrvSpecCops\administrateur|DomAd\sebz71)
2021-11-26 17:55:14.091 +01:00 [ERR] HTTP GET / responded 500 in 118.5575 ms
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2021-11-26 17:55:14.183 +01:00 [ERR] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.gAwaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2021-11-26 17:55:14.201 +01:00 [INF] Authorization failed. These requirements were not met: RolesAuthorizationRequirement:User.IsInRole must be true for one of the following roles: (Test-SpecCops\administrateur|sdis71ad\infogerance)
2021-11-26 17:55:14.201 +01:00 [ERR] HTTP GET / responded 500 in 9.6801 ms
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2021-11-26 17:55:14.202 +01:00 [ERR] An exception was thrown attempting to execute the error handler.
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2021-11-26 17:55:14.205 +01:00 [ERR] Connection id "0HMDGVM21CEG5", Request id "0HMDGVM21CEG5:00000002": An unhandled exception was thrown by the application.
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.gAwaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2021-11-26 17:55:14.247 +01:00 [INF] Request finished HTTP/1.1 GET http://localhost:5000/ - - - 500 0 - 297.8402ms


My configuration is under IIS under Windows 10

image

KennethScott commented 2 years ago

@sebz71 - a couple of things I can see from your screenshots: 1) It looks like you've downloaded the full source and are trying to run it in IIS. You probably want the precompiled zip available on the Releases page. 2) The way you've got it set up there I'm betting the URL will be http://localhost/SpecOps (or https if you required it in IIS)

I also wanted to mention to be sure you have the correct hosting bundle installed. I noticed the Microsoft download page I originally linked to now has the .NET 6 Hosting Bundle as the default package to download. This project is still .NET 5, so you want to make sure you actually have the correct version (but I think the error will clearly tell you it can't find the proper .NET version when you get that far).

I'm working on updating the app to .NET 6, but for now, you'll need to go to the main .NET Download page and click on .NET 5. You should then be able to grab the latest .NET 5 Hosting Bundle (currently 5.0.12) that should install everything you need.

The only other thing I can think of is to make sure you give yourself access to the site via the appsettings.json file if you download a fresh copy of the app via the releases zip.

Let me know how it goes-

sebz71 commented 2 years ago

I did install .NET 5 (5.0.12).

I downloaded "Source Code .zip", here is my IIS config:

image

image

I have this error:

image

image

image

KennethScott commented 2 years ago

If you're going to use the source version, you'd need to open it with Visual Studio and build and deploy it yourself. Try downloading the zip from the Releases page.


KennethScott commented 2 years ago

@sebz71 were you able to get it working?