Home/ Questions/Q 8789991
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T22:32:31+00:00

Can someone provide a code sample or resource which can help me programatically get

  • 0

Can someone provide a code sample or resource which can help me programatically get status, enable and disable extended protection for authentication in IIS 7/IIS 7.5 using C#?

C# with WMI/ADSI is preferred.

i.e I am asked to use System.Management API or Microsoft.Web.Administration API using C# and i need to determine if EAP is enabled or not on a web server level (as web server default for all future websites).

Any other solution using C# is also welcome.

Looking forward to helpful answers. Thanks

Steve

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Microsoft graciously provided a web page that not only explains this new concept (i.e., Extended Protection for Authentication, flag=extendedProtection), but provides sample code (copied below) in several languages. Here’s their C# code to enable EAP in IIS7/7.5.

    Implementing this over WMI will need to use explicit credentials and set impersonationLevel=Impersonate. An alternate method was recently created by Frank White on SO, and I detailed a fully fleshed code for it here: https://stackoverflow.com/a/11948096/1569434

    using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();

         ConfigurationSection windowsAuthenticationSection = config.GetSection("system.webServer/security/authentication/windowsAuthentication", "Default Web Site");
         windowsAuthenticationSection["enabled"] = true;

         ConfigurationElement extendedProtectionElement = windowsAuthenticationSection.GetChildElement("extendedProtection");
         extendedProtectionElement["tokenChecking"] = @"Allow";
         extendedProtectionElement["flags"] = @"None";

         ConfigurationElementCollection extendedProtectionCollection = extendedProtectionElement.GetCollection();

         ConfigurationElement spnElement = extendedProtectionCollection.CreateElement("spn");
         spnElement["name"] = @"HTTP/www.contoso.com";
         extendedProtectionCollection.Add(spnElement);

         ConfigurationElement spnElement1 = extendedProtectionCollection.CreateElement("spn");
         spnElement1["name"] = @"HTTP/contoso.com";
         extendedProtectionCollection.Add(spnElement1);

         serverManager.CommitChanges();
      }
   }
}
    • 0